Quoting Fabio Tudone (fa...@paralleluniverse.co):
> I really meant unprivileged containers created for example by the
> download template.
> 
> Usually subuids have an empty set of capabilities on the host, which
> means that even if they were accessing host resources they wouldn't
> be able to do much, so they are effectively "jailed". On the other
> hand if a regular host user is mapped into the container it would
> theoretically be able to access host resources with the same
> capabilities granted to the host user, wouldn't it?

No.  So long as the container has an lxc.id_map entry, it will run
in a private user namespace, and will have no capabilities with respect
to the host.  It will have full caps wrt any uids mapped into the
container, and any resources created by the container.

> On a more practical level what could be the security implications?
> Are there host resources that a malicious program could compromise
> when running in a container with the capabilities of a regular host
> user mapped in there? Even because of (hypothetical) system issues /
> bugs / vulnerabilities. Can someone think of actual examples?

Yes.
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
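As an added illustration (not code from the thread or from LXC itself): a small Python checker that parses lxc.id_map entries and /etc/subuid-style lines, translates container ids to host ids, and flags any mapping whose host range is not delegated to the container's owner, which is exactly the "regular host user mapped in" case asked about above. The config text, subuid lines and the user name "ubuntu" are constructed sample input.

```python
"""Check lxc.id_map entries against /etc/subuid style delegations (added example)."""
import re
from collections import namedtuple

IdMap = namedtuple("IdMap", "kind container_start host_start count")
SubRange = namedtuple("SubRange", "owner start count")

# Matches the classic form: lxc.id_map = u <container_start> <host_start> <count>
_IDMAP_RE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_id_map(config_text):
    """Return the IdMap entries found in an LXC config fragment."""
    maps = []
    for line in config_text.splitlines():
        m = _IDMAP_RE.match(line)
        if m:
            kind, cstart, hstart, count = m.groups()
            maps.append(IdMap(kind, int(cstart), int(hstart), int(count)))
    return maps


def parse_subid(subid_text):
    """Parse /etc/subuid or /etc/subgid lines of the form owner:start:count."""
    ranges = []
    for line in subid_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            owner, start, count = line.split(":")
            ranges.append(SubRange(owner, int(start), int(count)))
    return ranges


def container_to_host(maps, kind, cid):
    """Translate a container uid ('u') or gid ('g') to the host id, or None if unmapped."""
    for m in maps:
        if m.kind == kind and m.container_start <= cid < m.container_start + m.count:
            return m.host_start + (cid - m.container_start)
    return None


def check_mappings(maps, subuid_ranges, subgid_ranges, owner):
    """List every mapping whose host range is not fully inside a range delegated to owner.

    The container holds full capabilities over any id it maps, so a host range
    outside the owner's subordinate ids hands the container power over a real host user."""
    problems = []
    for m in maps:
        delegated = subuid_ranges if m.kind == "u" else subgid_ranges
        end = m.host_start + m.count  # exclusive
        inside = any(r.owner == owner and r.start <= m.host_start and end <= r.start + r.count
                     for r in delegated)
        if not inside:
            problems.append(f"{m.kind} {m.container_start} {m.host_start} {m.count}: "
                            f"host range not delegated to {owner}")
    return problems


# Constructed sample: the third entry maps container uid 65536 onto host uid 1000 (a regular user).
SAMPLE_CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\nlxc.id_map = u 65536 1000 1\n"
SAMPLE_SUBUID = "ubuntu:100000:65536\n"
```

Running check_mappings on the sample reports only the third entry, because host uids 100000-165535 are delegated to "ubuntu" while uid 1000 is not.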