[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Jan 8 18:58:38 UTC 2016

Quoting Carlos Alberto Lopez Perez (clopez at igalia.com):
> Hi,
>
>
> Suppose that we create an unprivileged container as root (using the
> download template or manually converting it with uidmapshift).
>
> Such container config will contain (for example) the following maps:
>
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
>
> And root would be also allowed to use them:
>
> $ usermod --add-subuids 100000-165536 root
> $ usermod --add-subgids 100000-165536 root
>
>
> My question is....
>
> From a security point of view, does creating and starting an
> unprivileged container as root make any difference than doing it as any
> other user of the host?

Yes.

For example, if you'll then be running lxc-attach as root instead of as
an unpriv user, then any attacks from inside the container against lxc-attach
will attack the root user.

> My understanding is that once the unprivileged container is running,
> root inside such container won't be able to get a host_uid < 100000 (in
> this example) so starting the unprivileged container as root will be as
> secure as starting the container as any other user that is allowed to do
> so via the subuid/subgid maps. Is this right?
>
> Thanks.
>
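
The ID translation discussed in this thread, as an added example that is not part of the original messages or of LXC's code: it parses the quoted `lxc.id_map` lines, translates container IDs to host IDs, and checks that a user's delegated sub-ID range covers the map. The sample config and the `/etc/subuid`-style line are constructed, and the function names are hypothetical.

```python
# Added example; sample data is constructed to mirror the thread's values.
from typing import NamedTuple, Optional

class IdMap(NamedTuple):
    kind: str        # "u" (uid) or "g" (gid)
    ns_start: int    # first ID as seen inside the container
    host_start: int  # first ID as seen on the host
    count: int       # number of consecutive IDs mapped

CONFIG = """\
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
"""
# Constructed /etc/subuid-style line (name:start:count). An inclusive
# usermod range 100000-165536 is recorded as a count of 65537.
SUBUID = "root:100000:65537\n"

def parse_id_maps(config):
    """Extract lxc.id_map entries from LXC config text."""
    maps = []
    for line in config.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "lxc.id_map":
            kind, ns, host, count = value.split()
            maps.append(IdMap(kind, int(ns), int(host), int(count)))
    return maps

def to_host_id(maps, kind, ns_id) -> Optional[int]:
    """Translate a container ID to a host ID; None means unmapped."""
    for m in maps:
        if m.kind == kind and m.ns_start <= ns_id < m.ns_start + m.count:
            return m.host_start + (ns_id - m.ns_start)
    return None

def delegated(subid_text, user, m):
    """True if one sub-ID line for `user` covers the map's whole host range."""
    for line in subid_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, start, count = line.strip().split(":")
        lo, hi = int(start), int(start) + int(count)
        if name == user and lo <= m.host_start and m.host_start + m.count <= hi:
            return True
    return False

if __name__ == "__main__":
    maps = parse_id_maps(CONFIG)
    for ns_id in (0, 1000, 65535, 65536):
        print("container uid", ns_id, "-> host uid", to_host_id(maps, "u", ns_id))
    print("root delegation covers uid map:", delegated(SUBUID, "root", maps[0]))
```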