Re: Docker & Containers #11282 12 Apr 17 08:21 PM
Joined: Jun 2001
Posts: 153
OmniLedger - Tom Reynolds Offline OP
No problems with the small amount of testing I managed yesterday. I'm expecting to have a bit more to say on Docker after Easter, when I should have time to sit down with our head of support, and try and convince them to give it a shot.

So far I'm really happy with it though. Got a few niggles that I still need to iron out, but I'm getting pretty good speeds, and the ease of use once set up is very encouraging.

I've done a couple of tests in Google Cloud, just to see how it ran using a bit of a zombie setup where an internal telnet connection launched an SSH connection to an SSH server container in the cloud, which launched another container running AShell. Using Google's Container Optimised OS, it was starting up faster, including the connection times, whilst only being slightly slower processing than when running locally. That's going to be largely down to the SoftOptions client we're still using though.

Re: Docker & Containers #11283 17 Apr 17 11:37 PM
OmniLedger - Tom Reynolds Offline OP
How is everyone managing the fact that the docker daemon runs with root privileges? It's the part of the system that's giving me the largest amount of worry.

If we're running on the assumption that each user will connect to our server running docker, and get their own container running AShell, then I'm assuming everyone else has docker running as part of the bashrc or similar. Now the user account itself doing that can be restricted, but as far as I can tell, if the user were able to escape your startup script, and get access to the shell, there's nothing stopping them starting a new container with the root directory mounted within it, and then having access to the whole of the system.

Is this easily locked down, or preventable? Or am I just being overly concerned, or missing something?

Re: Docker & Containers #11284 18 Apr 17 04:56 AM
Joined: Jun 2001
Posts: 11,945
Jack McGregor Online Content
I think it's a problem which hasn't been completely sorted out in the Docker world. There are lots of blog posts like this stackexchange thread discussing it, but I must admit I haven't gotten deep enough into it to come to any conclusions.

Re: Docker & Containers #11285 08 May 17 09:45 PM
OmniLedger - Tom Reynolds Offline OP
I've looked into a few options, with varying levels of complexity. For now I think I'm fairly happy with the solution I've put in place. Essentially I've not given the user permission to run docker.

I've written a startup script that starts docker in a very specific way. The user doesn't have any privileges over this script. What they do have however, is sudo privileges to run the script, which in turn runs docker with some pre-set arguments.

This seems to work well enough for what I need, with the user not being able to start their own custom docker instance, or tweak the existing one in any way. It's then a simple process of having this script start automatically when they login, thus taking them straight into AShell.
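
A sketch of the kind of sudo-gated wrapper described in the post above, added here as an example and not the poster's actual script. The install path `/usr/local/sbin/start-ashell`, the group `ashellusers`, the image name `ashell:latest` and the particular `docker run` flags are all assumptions; the point is that the caller supplies nothing to the command line, so there is no way to add a volume mount.

```shell
#!/bin/sh
# Hypothetical wrapper, installed root-owned and not writable by users, e.g.
#   /usr/local/sbin/start-ashell   (owner root:root, mode 0755)
# Matching sudoers rule (edit with visudo). The trailing "" makes sudo
# refuse any command-line arguments:
#   %ashellusers ALL=(root) NOPASSWD: /usr/local/sbin/start-ashell ""
# The users are NOT in the docker group, so this is their only route to docker.

IMAGE="ashell:latest"        # assumed image name
DOCKER="/usr/bin/docker"     # absolute path, no PATH lookup

# Accept only a plain account name so it is safe inside --name.
valid_user() {
    case "$1" in
        ""|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the fixed docker command line for user $1.
# No -v/--mount and no --privileged; the flags shown are example choices.
build_cmd() {
    valid_user "$1" || return 1
    printf '%s run --rm -it --name ashell-%s --cap-drop=ALL --security-opt no-new-privileges %s\n' \
        "$DOCKER" "$1" "$IMAGE"
}

main() {
    # Refuse arguments even if the sudoers rule is loosened later.
    [ "$#" -eq 0 ] || { echo "no arguments accepted" >&2; return 64; }
    # sudo sets SUDO_USER to the invoking account.
    cmd=$(build_cmd "${SUDO_USER:-}") || { echo "must be run via sudo" >&2; return 77; }
    PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
    # Word splitting is safe here: every field is fixed or validated above.
    exec $cmd
}

# Run only under the installed name, so the functions can be sourced for testing.
case "$0" in
    */start-ashell) main "$@" ;;
esac
```

The login hook (for example the last line of the user's profile) would then be `exec sudo /usr/local/sbin/start-ashell`, so that leaving AShell ends the session instead of dropping to a shell.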


Moderated by  Jack McGregor, Ty Griffin 
