[lxc-users] Risk/benefit of enabling user namespaces in the kernel for running unprivileged containers
John
da_audiophile at yahoo.com
Thu Jan 12 07:56:04 UTC 2017
From S. Graber's blog[1] and other sources, consensus is that unprivileged containers offer the best security from the container's perspective. There is quite a discussion in an Arch Linux feature request[2] around the risks of enabling user namespaces in the distro default kernel as it applies to the host OS as I understand it. Ultimately, the Arch developers believe that it is too much of a risk to implement, and this has been echoed as recently as May of 2016[3].
I'm unclear about several points:
* Is it true that enabling CONFIG_USER_NS makes LXCs safer but at the cost of decreasing security on the host?
* Under what circumstances is that true if at all?
* How contemporary are the arguments against enabling this option now in 2017 with Linux kernel v3.9.2 and lxc v2.0.6?
* Are any of the concerns valid against older kernels such as the 4.4.x series or the 3.14.x series? I ask because several ARM devices use these as their mainline kernels.
Thanks all!
1. https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers
2. https://bugs.archlinux.org/task/36969
3. https://bugs.archlinux.org/task/49337