[lxc-users] Security of root vs. user based unprivileged containers

david.andel at bli.uzh.ch david.andel at bli.uzh.ch
Wed May 13 20:47:26 UTC 2015


Hi

As the subject says, I would like to understand all the security aspects of root vs. user based unprivileged containers.

As far as I understand, containers with the same namespace mapping can interact with each other because the UID on the host is identical.

Also, if I understand it correctly, even a downloaded root-based unprivileged container cannot mess with the host system, since once it is started it's running entirely in its own namespace.
So the only real difference I see is that the lxc-... commands are run either with root or with restricted privileges.
Is there any other security-relevant difference?

Thanks for elucidation,
David