On Wed, May 17, 2017 at 10:59 AM, Dr. Todor Dimitrov <[email protected] > wrote:
> I guess LXD would not be an option since we are talking about resource
> constrained devices. The unprivileged user is actually used only for
> namespacing purposes and not for actual logins. The power user starts a
> “provisioning/bootstrapping” process as the unprivileged user, which in
> turn starts the lxc container and performs some additional tasks, e.g.
> monitoring. The bootstrapping process might not be “trusted” in the sense
> that it could have bugs, which should not have any adverse effects on the
> main functionality of the device.
>

lxd would make the process a whole lot easier. And it shouldn't consume too much resource. However it should also be possible to achieve what you want using standard lxc1 tools.

> Maybe the problem can be re-formulated: is an unprivileged container owned
> by an unprivileged user any safer than an unprivileged container owned
> by root?
>

In theory, yes. In real-world use case I believe it's pretty much similar. Just use root-owned unpriv container.

--
Fajar
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
