[lxc-users] Privilege separation between containers

Narcis Garcia debianlists at actiu.net
Mon Dec 2 19:34:33 UTC 2019


For my first LXC tests, I've created an "lxc" unprivileged account and
"vhosts" group for it.

One key point of the unprivileged account is that it is not the same user
as root, of course. But what about when I'm using the same unprivileged
account for more than one container (VPS)?

I mean that, to be sure a malicious user or program in one container
has no permission to access any other container's resources, I
suppose I should launch each unprivileged container with a different
host uid and gid.
Am I right?

-- 


__________
I'm using this express-made address because personal addresses aren't
masked enough in this public mail archive. The public archive administrator
should fix this against automated address collectors.

