Docker newbie here, apologies in advance if I’m way off course; I couldn’t find anything on the forums for this topic though.
I’m aiming to run MRIQC, but while reading the documentation at: https://mriqc.readthedocs.io/en/stable/docker.html
there is the following statement which seems to appear out-of-the-blue, referencing security concerns (of my data?, of my computer?, of hackers?) and recommending various flags which are not subsequently explained anywhere else:
“For security reasons, we recommend to run the docker command with the options
--read-only --tmpfs /run --tmpfs /tmp . This will run the docker image in read-only mode, and map the temporary folders
/tmp to the temporal folder of the host.”
Looking for advice and any further explanation of (1) whether I should be using these flag, (2) how to run them, if so, and (3) what security vulnerabilities this is referencing. Thanks very much in advance for your help!