@x_cli One question about the proper use of containers (*not* VM, only containers). Is it reasonable to give root access in a container to someone who is not root on the host? I always thought the answer was No and this is how I manage containers. The report mentions "public cloud service". Are there services where tenants have root access to a container?


Do you know about user namespaces? Their root is not privileged in their parent user namespace (if there is UID/GID mapping).

That will be the topic of my new MISC article, published in March or May.

@x_cli @bortzmeyer @x_cli that's not how Docker security works. That's not even how Linux user namespaces work. None of it was built for security.

Please enlighten me instead of shitting on my answer without providing any other "value".
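
The "(if there is UID/GID mapping)" condition mentioned in the thread can be checked from the host by reading a container process's `/proc/<pid>/uid_map`. The following is an added example, not part of the thread: the helper names and the two sample maps are constructed, and it assumes the file is read from the initial user namespace.

```python
# Added example: interpret /proc/<pid>/uid_map to see whether root inside a
# container is also UID 0 outside it. Each line of the file is
# "<id inside namespace> <id outside namespace> <length>".
from typing import List, Optional, Tuple

Extent = Tuple[int, int, int]

# Constructed samples (not taken from a real system):
# an identity map (no remapping) and a remapped range.
IDENTITY_MAP = "         0          0 4294967295\n"
REMAPPED_MAP = "         0     100000      65536\n"


def parse_id_map(text: str) -> List[Extent]:
    """Parse uid_map/gid_map content into (inside, outside, length) extents."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        extents.append((inside, outside, length))
    return extents


def to_outside_id(extents: List[Extent], inside_id: int) -> Optional[int]:
    """Translate an ID inside the namespace; None means it is unmapped."""
    for inside, outside, length in extents:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def root_is_outside_root(text: str) -> bool:
    """True when UID 0 in the namespace is UID 0 outside it."""
    return to_outside_id(parse_id_map(text), 0) == 0


def read_uid_map(pid: str = "self") -> str:
    """Read the map for a process (Linux only; pass the container's host PID)."""
    with open(f"/proc/{pid}/uid_map") as fh:
        return fh.read()


if __name__ == "__main__":
    for name, sample in (("identity", IDENTITY_MAP), ("remapped", REMAPPED_MAP)):
        print(name, "-> container root is outside root:", root_is_outside_root(sample))
```

A process whose map is the identity extent has no UID remapping, so the thread's condition does not hold for it.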
