How secure is the combination of dropping the sys_admin capability and mounting
proc and sys read-only?
What would be a potential attack vector to break out of such a container?

What are the downsides of running such a container? I've tried running Debian
with nginx, php-fpm and standard stuff like syslog, ssh, getty and it seems
to work fine. Changing the hostname and mounting inside the container don't work,
but that's not a big deal, since I'm controlling both host and container,
so I can set the hostname and mount points in the container config file.
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
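
An added example, not part of the original post: a small audit that can be run inside the container to confirm the two settings the question describes actually took effect, by checking every capability set for CAP_SYS_ADMIN and every proc/sysfs mount for the `ro` option. The function names and the sample inputs are constructed for illustration.

```python
"""Audit a container for a dropped CAP_SYS_ADMIN and read-only proc/sys."""
CAP_SYS_ADMIN = 21  # bit number of CAP_SYS_ADMIN in linux/capability.h

def caps_with_sys_admin(status_text):
    """Return the Cap* sets in a /proc/<pid>/status dump that still hold
    CAP_SYS_ADMIN. CapBnd matters most: a capability left in the bounding
    set can be regained by executing a setuid-root or file-capability binary."""
    found = []
    for line in status_text.splitlines():
        name, _, value = line.partition(":")
        if name.startswith("Cap") and value.strip():
            if (int(value.strip(), 16) >> CAP_SYS_ADMIN) & 1:
                found.append(name)
    return found

def writable_proc_sys(mounts_text):
    """Return mount points of proc/sysfs filesystems in a /proc/mounts dump
    whose options lack 'ro'. A later mount on the same path shadows an
    earlier one, so only the last entry per mount point is judged."""
    effective = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            effective[fields[1]] = (fields[2], fields[3].split(","))
    return sorted(mp for mp, (fs, opts) in effective.items()
                  if fs in ("proc", "sysfs") and "ro" not in opts)

# Constructed sample inputs (not captured from a real system).
STATUS_DEFAULT = ("Name:\tinit\nCapInh:\t0000000000000000\n"
                  "CapPrm:\t0000001fffffffff\nCapEff:\t0000001fffffffff\n"
                  "CapBnd:\t0000001fffffffff\n")
STATUS_HARDENED = STATUS_DEFAULT.replace("0000001fffffffff", "0000001fffdfffff")
MOUNTS_WEAK = ("proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
               "sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0\n")
MOUNTS_HARDENED = MOUNTS_WEAK.replace("proc rw,", "proc ro,")

if __name__ == "__main__":
    # Inside the container: audit the live process and mount table.
    with open("/proc/self/status") as f:
        caps = caps_with_sys_admin(f.read())
    with open("/proc/mounts") as f:
        rw = writable_proc_sys(f.read())
    print("CAP_SYS_ADMIN still present in:", caps or "none")
    print("writable proc/sysfs mounts:", rw or "none")
    raise SystemExit(1 if caps or rw else 0)
```

A clean result only confirms these two settings are in place; it says nothing about other capabilities or kernel interfaces left available to root in the container.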
