The recent investigation concluded that switching to Docker-in-Docker (`--privileged`) would not provide a meaningful security improvement over the current Docker socket approach.
As a future enhancement, we could explore an agent-based architecture where container lifecycle operations are delegated to a dedicated service exposing a limited API, rather than giving the backend direct Docker access.
For broader context, see #149.
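
A sketch of the policy layer such an agent could put between the backend and the Docker Engine API. This is an added example, not code from this project: the request shape, `ALLOWED_IMAGES`, `MANAGED_LABEL` and `build_engine_call` are assumptions made for illustration. The backend can only name an operation, an allowlisted image, or a container the agent itself created; the `HostConfig` is fixed by the agent, so the request has no field through which privileged mode or bind mounts could be asked for.

```python
import re

# Assumed policy values for illustration; not taken from the project.
ALLOWED_IMAGES = {"registry.example/runner:1.0"}
MANAGED_LABEL = "example.managed"         # hypothetical label for agent-owned containers
ID_RE = re.compile(r"[a-f0-9]{12,64}")    # container IDs are lowercase hex strings


class Denied(Exception):
    """Raised for any request outside the limited API."""


def build_engine_call(req, owned_ids):
    """Translate one limited-API request into a Docker Engine API call.

    Returns (method, path, body). owned_ids is the set of container IDs
    the agent created earlier; everything else is rejected.
    """
    if not isinstance(req, dict) or set(req) - {"op", "image", "id"}:
        raise Denied("unexpected request shape or field")
    op = req.get("op")
    if op == "create":
        image = req.get("image")
        if not isinstance(image, str) or image not in ALLOWED_IMAGES:
            raise Denied("image not allowlisted")
        body = {
            "Image": image,
            "Labels": {MANAGED_LABEL: "true"},
            # Fixed by the agent, never taken from the caller. No "Binds" key.
            "HostConfig": {"Privileged": False, "NetworkMode": "none",
                           "CapDrop": ["ALL"], "ReadonlyRootfs": True},
        }
        return "POST", "/containers/create", body
    if op in ("start", "stop", "remove"):
        cid = req.get("id")
        # The format check keeps path separators out of the URL; the
        # ownership check keeps the caller away from other containers.
        if not isinstance(cid, str) or not ID_RE.fullmatch(cid):
            raise Denied("malformed container id")
        if cid not in owned_ids:
            raise Denied("container not managed by this agent")
        if op == "remove":
            return "DELETE", f"/containers/{cid}", None
        return "POST", f"/containers/{cid}/{op}", None
    raise Denied("operation not permitted")
```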