[lxc-users] Security question: root w/ subuids vs. unprivileged.

Raimund Berger raimund.berger at gmail.com
Thu Nov 27 17:08:35 UTC 2014


Hi,

a brief question from somebody uninitiated: would, from a security point
of view, running a privileged container with (mapped) subuids - and a
subuid'ed root in particular - be roughly as good as running an
unprivileged one?

I mean, the processes running inside the container would still be
unprivileged, with only lxc-start being owned by the host's root. Or
would possible attack surfaces in namespace isolation make a noticeable
difference here?

I'm asking since, as root, I'm guessing it might be easier to map select
devices - like OSS audio - into a container, even when mapping uids too,
which seems to be pretty much impossible to do with unprivileged
containers (for good reason, obviously). On the other hand, I would
really like to try running everything as tight as possible, so that's
why the question: to understand what the tradeoff might be.

Thanks,
R.
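The distinction the question turns on (whether the container's uid 0 is backed by host uid 0 or by a subuid) is visible from the kernel's own view of the mapping, `/proc/<pid>/uid_map`, whose lines read `<inside_start> <outside_start> <count>`. The following shell functions are an added example, not code from the post or from LXC: they parse such a map and report which host uid the container's root actually is. The two sample maps are constructed for illustration, not captured from any real system.

```shell
#!/bin/sh
# Added example: decide from a /proc/<pid>/uid_map whether a container's
# uid 0 lands on an unprivileged host uid. Not part of the original post.
# Each uid_map line is: <inside_start> <outside_start> <count>.

# host_uid_of_container_root MAP_TEXT
# Prints the host uid that container uid 0 maps to, or "unmapped" when no
# line of the map covers uid 0.
host_uid_of_container_root() {
    printf '%s\n' "$1" | awk '
        # a line covers uid 0 when inside_start <= 0 < inside_start + count
        NF == 3 && $1 <= 0 && 0 < $1 + $3 { print $2 + (0 - $1); found = 1; exit }
        END { if (!found) print "unmapped" }'
}

# container_root_is_unprivileged MAP_TEXT
# Returns 0 when container uid 0 maps to a non-zero host uid (the subuid
# case), 1 when it maps to host uid 0 (classic privileged container) or is
# not mapped at all.
container_root_is_unprivileged() {
    h=$(host_uid_of_container_root "$1")
    [ "$h" != "unmapped" ] && [ "$h" -ne 0 ]
}

# Constructed sample maps (hypothetical, not taken from a real host):
PRIVILEGED_MAP='         0          0 4294967295'   # root inside == root outside
SUBUID_MAP='         0     100000      65536'       # root inside == host uid 100000

# Usage against a live container: pass the init process's map, e.g.
#   container_root_is_unprivileged "$(cat /proc/"$PID"/uid_map)" && echo subuid-root
```

Whatever else a privileged `lxc-start` keeps (the host-root parent, the device nodes it can bind in), this check tells you whether file ownership and kernel credential checks inside the guest resolve to an unprivileged host identity, which is the part of the "as good as unprivileged" question the uid map alone can answer.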

