How do i you decide whats safe to run
I recently ran Gossa on my home server using Docker, mounting it to a folder. Since I used rootless Docker, I was curious - if Gossa were to be a virus, would I have been infected? Have any of you had experience with Gossa?
Containers are isolated from the host by default. If you give a container a mount, it can only interact with the mount, but not the running host. If you further isolated and protected that mount, you would have been fine. Since you ran it as your unprivileged user, it’s one step safer from being able to hijack other parts of the machine, and if it was a “virus”, all it could do is write files to the mount and fill up your disk I guess, or drop a binary and hope you execute it.
Are you certain about that? My understanding is that Docker containers are literally just processes running on the host (ideally rootless), but with no isolation in the way that VMs are isolated from the host.
If you have some links for further reading it would be great, as I have been extremely cautious with my Docker usage so far.
I haven’t found anything to refute this, but this post from 2017 states: