On Wed, May 10, 2017 at 4:22 AM, Andrey Repin <[email protected]> wrote:
> Greetings, T.C 吳天健!
>
> > It's said a privileged container is unsecured. For example, if a user in the
> > container (suppose it's running a service toward the public) hacks the system
> > with some kind of root kit.
>
> This is not specifically correct. The road to compromising the container is
> rather thorny.
> Even if the container is privileged and the container owner has root access inside
> the container, gaining any host advantage would be hard if not impossible,
> unless the host configuration is far from sane.
>
> > I am thinking of building a more secure container. The first idea is to
> > use an unprivileged container; second is to apply cgroup to limit viewing of some
> > sensitive /dev files, and any recommendation?
>
> LXD by default is "secure" in the sense that even if the container is compromised, the
> effective UID the container user is running from has no rights on the host.

... and there's also the option in lxd to use a separate u/gid range for each container (by default all unpriv lxd containers share the same u/gid range).

> > Summary
> > -use unprivileged container
>
> Right.
>
> > -cgroup to limit viewing of some /dev files
>
> Unnecessary in real-world application.

lxc and lxd already limit which device nodes (block and char) are allowed in the container.

@T.C, what are your requirements/ideas that aren't already available in lxd?

--
Fajar
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
