|
|
@@ -145,10 +145,7 @@ Because of [limitations in the `mount`
|
|
|
function](http://lists.linuxfoundation.org/pipermail/containers/2015-April/
|
|
|
035788.html), moving subdirectories within the host's source directory can give
|
|
|
access from the container to the host's file system. This requires a malicious
|
|
|
-user on the host with root access or with access to the Docker socket. Access to
|
|
|
-the Docker socket is equivalent to being privileged/root on the host. If your
|
|
|
-systems defines a `docker` group, be aware all its members have the necessary
|
|
|
-privileges to exploit this.
|
|
|
+user with access to the mounted directory on the host.
|
|
|
|
|
|
>**Note**: The host directory is, by its nature, host-dependent. For this
|
|
|
>reason, you can't mount a host directory from `Dockerfile` because built images
|
Mary Anthony