@x_cli One question about the proper use of containers (*not* VM, only containers). Is it reasonable to give root access in a container to someone who is not root on the host? I always thought the answer was No and this is how I manage containers. The report mentions "public cloud service". Are there services where tenants have root access to a container?

@bortzmeyer
Do you know about user namespaces? Their root is not privileged in their parent user namespace (if there is UID/GID mapping).

@x_cli @bortzmeyer @x_cli That's not how Docker security works. That's not even how Linux user namespaces work. None of it was built for security.

@feld
Please enlighten me instead of shitting on my answer without providing any other "value".
@bortzmeyer
