[lxc-users] Security of root vs. user based unprivileged containers
david.andel at bli.uzh.ch
david.andel at bli.uzh.ch
Wed May 13 20:47:26 UTC 2015
Hi
How the subject says, I would like to understand all the security aspects of root vs. user based unprivileged containers.
As far as I understand containers with the same namespace mapping can interact with each other because the UID on the host is identical.
Also, if I understand it correctly, even a downloaded root based unprivileged container cannot mess with the host system since once it is started it's running entirely in it's own namespace.
So the only real difference I see is that the lxc-... commands are run either with root or with restricted privileges.
Is there any other security relevant difference?
Thanks for elucidation,
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150513/1e7ac897/attachment.html>
More information about the lxc-users
mailing list