[lxc-users] Is an unprivileged LXC where the host user itself is mapped to 0 less secure of one where one of its subids is mapped to 0, and why?
Fabio Tudone (fabio@paralleluniverse.co)
fabio at paralleluniverse.co
Wed Sep 30 10:30:00 UTC 2015
Hi,
instead of creating "regular" LXC unprivileged containers where all the
users are mapped to (unprivileged) subuid/gid of my host user, I'm
considering a mapping where my host user itself will be mapped to user 0
(root). They'd be very slim single-app containers.
The reason is that in this way I don't need the rootfs directory
subtree, which resides in my user's home, to be namespace-|chmod|to a
different user and I can delete it with a plain|rm|instead of a
namespace one.
Is this kind of LXC less secure than the "regular" one, and why is it?
What could happen in the worst case?
Thanks,
-- Fabio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150930/c4ad6ad8/attachment.html>
More information about the lxc-users
mailing list