I’ve installed Rancher server and also deployed Rancher agent on the host. I was able to see the host in the Rancher server UI.
When I tried to connect to the agent container, I ran the “ps -ef” command and I saw all the host’s processes, and I even managed to kill a host’s process within the Agent container (!). Is that because of the fact it’s running in “Privileged” mode? It seems like a serious security hole.
I was also wondering how Rancher is able to deploy containers to the hosts when it’s not running a “root” agent on the host, but a container. Do you have access to run every command on the host itself? How come this is happening? Shouldn’t the container be isolated from the host itself?
Hope to hear from you soon,
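
An added example, not part of the original post and not Rancher's code: a Python check that reads `docker inspect` JSON and reports the settings that let a container reach the host, including the privileged flag the post asks about. The sample input is constructed, and the host PID namespace, added capability and Docker socket mount in it are assumptions, not settings stated in the post.

```python
import json

# Constructed `docker inspect` output for hypothetical containers.
# These values are illustrative, not Rancher's actual agent settings.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/example-agent",
  "HostConfig": {"Privileged": true, "PidMode": "host", "CapAdd": null,
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/srv/data:/data:ro"]}},
 {"Name": "/example-web",
  "HostConfig": {"Privileged": false, "PidMode": "", "CapAdd": ["NET_ADMIN"],
    "Binds": null}},
 {"Name": "/example-db",
  "HostConfig": {"Privileged": false, "PidMode": "", "CapAdd": null, "Binds": null}}]
""")

DOCKER_SOCKET = "/var/run/docker.sock"


def isolation_findings(container):
    """Return the HostConfig settings that weaken isolation from the host."""
    hc = container.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities and host devices")
    if hc.get("PidMode") == "host":
        findings.append("pid=host: host processes are visible and can be signalled")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"cap-add {cap}")
    for bind in hc.get("Binds") or []:
        # A bind is "source:destination[:options]"; only the source matters here.
        if bind.split(":")[0] == DOCKER_SOCKET:
            findings.append("docker.sock mounted: can drive the host's Docker daemon")
    return findings


def audit(containers):
    """Map container name to findings, skipping containers with none."""
    report = {}
    for c in containers:
        found = isolation_findings(c)
        if found:
            report[c.get("Name", "?").lstrip("/")] = found
    return report


if __name__ == "__main__":
    for name, found in audit(SAMPLE_INSPECT).items():
        print(name, *found, sep="\n  - ")
```

On a real host the same functions can be fed `json.loads` of the output of `docker inspect <container>`.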