Docker standard image vs. Docker rootless images?

Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue

Environment
Rpi CM4
Raspberry Pi OS lite 64bit 6.1.36-v8+
Docker 24.0.4

This may be a newbie question, but I have not found an answer yet.
I would like to know the differences and use conditions of Docker standard images vs. Docker rootless images.

https://help.passbolt.com/faq/hosting/how-to-use-rootless-images
I see that ports and paths are different. Anything else?
What I would really like to know is when to use which image.

Docker rootless is made for trying to mitigate privilege escalation if someone has access to the container.

If a hacker takes control of the container, there is a possibility to exit from the container and take control of the main server, so if Docker is executed as a user different from the root, the hacker will have restricted privileges.

This is the main difference between standard Docker and rootless Docker. The ports change because non-root users can’t bind protected service ports unless you change some configurations.

2 Likes
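The port restriction mentioned in the reply above, as an added example that is not part of the original thread or of the project's documentation: a small shell check that flags which container-side ports of a set of Docker port mappings a non-root process could not bind. The function names, the UID 33 and the sample mappings are constructed for illustration; the sysctl `net.ipv4.ip_unprivileged_port_start` is the Linux setting that defines where unprivileged ports begin.

```shell
#!/bin/sh
# Added example (not from the thread): audit Docker port mappings for ports
# that a non-root container process cannot bind.
# Linux refuses bind() below net.ipv4.ip_unprivileged_port_start (default 1024)
# unless the process is root or holds CAP_NET_BIND_SERVICE.

# Print the kernel threshold; fall back to the default when /proc is unavailable.
unpriv_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# can_bind UID PORT [THRESHOLD]
# Succeeds if a process with that UID and no extra capabilities may bind PORT.
can_bind() {
    uid=$1 port=$2 start=${3:-$(unpriv_port_start)}
    [ "$uid" -eq 0 ] || [ "$port" -ge "$start" ]
}

# audit_mappings UID THRESHOLD MAPPING...
# MAPPING uses Docker's [IP:]HOST:CONTAINER[/proto] form. Prints the
# container-side ports that UID cannot bind, separated by spaces.
audit_mappings() {
    uid=$1; start=$2; shift 2
    blocked=""
    for m in "$@"; do
        cport=${m##*:}        # last colon-separated field is the container port
        cport=${cport%%/*}    # drop an optional /tcp or /udp suffix
        if ! can_bind "$uid" "$cport" "$start"; then
            blocked="${blocked:+$blocked }$cport"
        fi
    done
    echo "$blocked"
}

# Constructed sample: a non-root UID with the default threshold of 1024.
audit_mappings 33 1024 80:80 443:443 8080:8080 127.0.0.1:4433:4433/tcp
```

Passing UID 0, or a threshold of 0, makes every port bindable, which corresponds to the standard (root) image and to the "change some configurations" case respectively.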

Thank you for the explanation, now it makes sense to me!

1 Like