[lxc-users] Is an unprivileged LXC where the host user itself is mapped to 0 less secure of one where one of its subids is mapped to 0, and why?
Fabio Tudone (fabio@paralleluniverse.co)
fabio at paralleluniverse.co
Mon Oct 5 16:58:01 UTC 2015
On 09/30/2015 08:38 PM, Serge Hallyn wrote:
>> On a more practical level what could be the security implications?
>> Are there host resources that a malicious program could compromise
>> when running in a container with the capabilities of a regular host
>> user mapped in there? Even because of (hypothetical) system issues /
>> bugs / vulnerabilities. Can someone think of actual examples?
> yes.
Could you expand on that? What could happen for example? I'm no security
expert but I'm interested in understanding the implications.
Thanks,
-- Fabio
More information about the lxc-users
mailing list