On Tue, Sep 08, 2015 at 04:14:58PM +0200, Michał Zegan wrote:
> Hello.
>
> Before you stated that containers are not a security feature right
> now. It is required to manually shift uids/gids on images etc.
Yes.
Also, if you uid-shift the container's root directory, using `--private-users`
witho
Hello.
Before you stated that containers are not a security feature right now.
It is required to manually shift uids/gids on images etc.
What are other known problems with containers that use ALL namespaces?
Like if not counting the problem of uid allocation and manual shifting
of them.
On Sun, Sep 6, 2015 at 6:00 PM, Lennart Poettering
wrote:
> On Sun, 06.09.15 17:49, Michał Zegan ([email protected]) wrote:
>
>> Hello.
>>
>> Is systemd-nspawn intended to eventually become usable for full system
>> containers/general use with enough security to run things like vps hostin
On Sun, 06.09.15 17:49, Michał Zegan ([email protected]) wrote:
> Hello.
>
> Is systemd-nspawn intended to eventually become usable for full system
> containers/general use with enough security to run things like vps hosting?
> How much is missing to be able to do that, or maybe it alrea
Hello.
Is systemd-nspawn intended to eventually become usable for full system
containers/general use with enough security to run things like vps
hosting? How much is missing to be able to do that, or maybe it already
can? Like you have user namespaces support that probably adds more
security