[lxc-users] Is an unprivileged LXC where the host user itself is mapped to 0 less secure of one where one of its subids is mapped to 0, and why?
Fabio Tudone (email@example.com)
fabio at paralleluniverse.co
Mon Oct 5 16:58:01 UTC 2015
On 09/30/2015 08:38 PM, Serge Hallyn wrote:
>> On a more practical level what could be the security implications?
>> Are there host resources that a malicious program could compromise
>> when running in a container with the capabilities of a regular host
>> user mapped in there? Even because of (hypothetical) system issues /
>> bugs / vulnerabilities. Can someone think of actual examples?
Could you expand on that? What could happen for example? I'm no security
expert but I'm interested in understanding the implications.
More information about the lxc-users