[lxc-users] Is an unprivileged LXC where the host user itself is mapped to 0 less secure of one where one of its subids is mapped to 0, and why?

Fabio Tudone (fabio@paralleluniverse.co) fabio at paralleluniverse.co
Mon Oct 5 16:58:01 UTC 2015

On 09/30/2015 08:38 PM, Serge Hallyn wrote:
>> On a more practical level what could be the security implications?
>> Are there host resources that a malicious program could compromise
>> when running in a container with the capabilities of a regular host
>> user mapped in there? Even because of (hypothetical) system issues /
>> bugs / vulnerabilities. Can someone think of actual examples?
> yes.

Could you expand on that? What could happen for example? I'm no security 
expert but I'm interested in understanding the implications.


-- Fabio

More information about the lxc-users mailing list