Document why we require root to run this

[consideRatio]

Our Dockerfile runs the script as root, we shouldn't.

But, maybe we must? I'm not sure. Are we expected to run this container with a mounted docker socket that requires us to run as root or something?

[yuvipanda]

Nope, we can run as non-root as long as the docker socket is accessible. Access to the docker socket does make us 'root equivalent' though. We might have to belong to the 'docker' group maybe? I don't know what permissions bind mounted docker socket usually has

[consideRatio]

This can probably then be closed by documenting in #7, as we may require being root.

. Access to the docker socket does make us 'root equivalent' though.

Does it matter if the docker socket is exposed via another Pod, a daemonset on the node, rather than being directly installed on the node? Or is it? Hmm... I'm very vague about these matters and would love to acquire some overview about this.

[minrk]

It needs access to the docker socket and access to measure disk usage (~du -hs /var/lib/docker). This usually requires root.

[manics]

Does it matter if the docker socket is exposed via another Pod, a daemonset on the node, rather than being directly installed on the node?

It's a unix or network socket. It doesn't matter who it's owned by, if you're allowed to connect to it you can run any Docker command, which means you've effectively got administrative control of the Docker host (this is one of the issues rootless Docker or Podman solve).