Rancher agent extreme privileged permissions

Hello there,

I’ve installed Rancher server and deployed also Rancher agent on the host. I was able to see the host in the Rancher server UI,

When I tried to connect to the agent container - I ran “ps- ef” command and I saw all the host’s processes , and i even managed to kill a host’s process within the Agent container (!) - it that because of the fact its running in “Privileged” mode ? it seems like a serious security hole.

I was also wondering - how Rancher is able to deploy containers to the hosts, when its not running a “root” agent on the host, but a container, do you have access to run every command on the host it self ? how come this is happening ,the container shouldn’t be isolated from the host it self ?

Hope to hearing from you soon,


I tried to start a different container with "--privileged -v /var/run/docker.sock:/var/run/docker.sock"
but still, I see only the container’s processes when I run "ps -ef" it is still isolated, unlike your agent which is running on my host.

Is it a serious security hole ? or am i missing something here ?

Please advise quickly,

This is the design of Docker. Privileged containers are root on the host, full stop. They can kill any process on the host. The list ps shows is determined by the process group it’s joined, but it’s still root and can change that.

The Rancher agent has to be privileged to launch other (potentially privileged) containers.

Hey Vincent,

I understand, but how come that i deployed an ubuntu container with priviliged access, but still I was not able to see the host’s processes and to kill it ?

$ docker run  --privileged  -v /var/run/docker.sock:/var/run/docker.sock  -it ubuntu:latest /bin/bash

root@eaf32016f113:/# ps -ef
root         1     0  0 08:56 ?        00:00:00 /bin/bash
root        16     1  0 08:56 ?        00:00:00 ps -ef

Did you do something special on your agent container ?



but in your documentation when adding host - you are not running the container with --pid=host

This is what you mention

sudo docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock rancher/agent:v0.8.2 http://a.domain.com:8080/v1/scripts/1444734000000:SwT9S1SrN3xvze5hQNN1UPcGXzY 

I dont see the --pid=host

The command to register starts another container and then terminates. Among other reasons, the command would be much longer if you had to specify every option the agent actually needs: https://github.com/rancher/rancher/blob/da2471121f4a313b862ef98089cb2f20eb4a4753/agent/run.sh#L81-L109

It shouldn’t be an problem, because agent doesn’t expose a public port and no user should working with it.
It’s a needed host service like others (network, iptables, systemd,…) which runs on a server and need root permissions.
Instead of a service installed to the host it is deployed as a container.

Better a privileged agent instead of a privileged rancher Server container with a public reachable port (8080), right?