[lxc-users] Risk/benefit of enabling user namespaces in the kernel for running unprivileged containers

John da_audiophile at yahoo.com
Thu Jan 12 07:56:04 UTC 2017


From S. Graber's blog[1] and other sources, consensus is that unprivileged containers offer the best security from the container's perspective.  There is quite a discussion in an Arch Linux feature request[2] around the risks of enabling user namespaces in the distro default kernel as it applies to the host OS as I understand it.  Ultimately, the Arch developers believe that it is too much of a risk to implement, and this has been echoed as recently as May of 2016[3].

I'm unclear about several points:
* Is it true that enabling CONFIG_USER_NS makes LXCs safer but at the cost of decreasing security on the host?
* Under what circumstances is that true, if at all?
* How contemporary are the arguments against enabling this option now in 2017 with Linux kernel v3.9.2 and lxc v2.0.6?
* Are any of the concerns valid against older kernels such as the 4.4.x series or the 3.14.x series?  I ask because several ARM devices use these as their mainline kernels.

Thanks all!

1. https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers
2. https://bugs.archlinux.org/task/36969
3. https://bugs.archlinux.org/task/49337
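As an added host-side audit helper (not part of the original thread, and not an LXC project script), the functions below check the three things the questions above turn on: whether CONFIG_USER_NS is compiled into the running kernel, whether unprivileged user namespaces are still allowed by sysctl, and whether the user has a subuid range for unprivileged LXC. The kernel config, sysctl value and subuid file contents are passed in as text, and the samples at the bottom are constructed, so it runs offline; on a real host feed it `zcat /proc/config.gz`, `/proc/sys/user/max_user_namespaces` (4.9+; Debian/Ubuntu kernels also expose `kernel.unprivileged_userns_clone`) and `/etc/subuid`.

```shell
#!/bin/sh
# Host readiness check for unprivileged LXC containers (added example).
# Inputs are passed as text so the check can be run against captured
# files from another machine (e.g. an ARM board on a 4.4.x kernel).

# userns_compiled CONFIG_TEXT -> yes | no | unknown
userns_compiled() {
    if printf '%s\n' "$1" | grep -qx 'CONFIG_USER_NS=y'; then echo yes
    elif printf '%s\n' "$1" | grep -qE '^(# CONFIG_USER_NS is not set|CONFIG_USER_NS=n)$'; then echo no
    else echo unknown; fi
}

# userns_unpriv_allowed MAX_USER_NS -> yes | no | unknown
# A value of 0 in user.max_user_namespaces disables creation for everyone.
userns_unpriv_allowed() {
    case "$1" in
        ''|*[!0-9]*) echo unknown ;;
        0) echo no ;;
        *) echo yes ;;
    esac
}

# subid_range SUBID_TEXT USER -> "start count" for USER, or nothing
subid_range() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1==u {print $2, $3; exit}'
}

# host_verdict CONFIG_TEXT MAX_USER_NS SUBID_TEXT USER -> one-word verdict
host_verdict() {
    hv_c=$(userns_compiled "$1"); hv_u=$(userns_unpriv_allowed "$2")
    hv_r=$(subid_range "$3" "$4")
    if [ "$hv_c" = yes ] && [ "$hv_u" = yes ] && [ -n "$hv_r" ]; then echo ready
    elif [ "$hv_c" = no ]; then echo kernel-lacks-CONFIG_USER_NS
    elif [ "$hv_u" = no ]; then echo userns-disabled-by-sysctl
    elif [ -z "$hv_r" ]; then echo no-subuid-mapping
    else echo unknown; fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONFIG='CONFIG_NAMESPACES=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y'
SAMPLE_SUBUID='root:100000:65536
alice:165536:65536'

# Demo run: alice on a host with user namespaces compiled in and allowed.
host_verdict "$SAMPLE_CONFIG" 15000 "$SAMPLE_SUBUID" alice
```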

