[arch-general] Linux container
siosm99 at gmail.com
Wed Feb 12 14:31:14 EST 2014
On 12/02/2014 20:06, ProgAndy wrote:
> To secure your container you have to make sure that the users in the
> container will be represented as different ids to the host system.
> Especially root in the container must not have root access to the host.
> Here is some more reading material for you:
The (kernel) feature discussed here is the user namespace. It enables
containers to have a different uid/gid mapping than the one on the
host. This should be a safe way to allow root users inside containers
without giving them full access on the host at the same time.
This feature is relatively new and is not enabled in the default Arch
$ zgrep USER_NS /proc/config.gz
# CONFIG_USER_NS is not set
You'll have to build a custom kernel.
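As an added illustration of how the user-namespace id mapping described above works (this is not code from the original thread), the script below parses the /proc/<pid>/uid_map format and translates ids between the container and the host. The uid_map content and the 65534 overflow value are a constructed sample based on kernel defaults.

```python
"""Translate ids across a user namespace using the /proc/<pid>/uid_map
(or gid_map) format. Each line reads:

    <first id inside namespace> <first id in parent namespace> <length>

Constructed sample: container root (uid 0) mapped to unprivileged host
uid 100000, as a user-namespace-aware container runtime would set it up.
"""
import re
from typing import List, Tuple

IdMap = List[Tuple[int, int, int]]

# Constructed example of /proc/<container pid>/uid_map content.
SAMPLE_UID_MAP = "         0     100000      65536\n"

# Ids with no mapping appear as this value (the kernel default for
# /proc/sys/kernel/overflowuid); assumed constant for this example.
OVERFLOW_ID = 65534


def parse_id_map(text: str) -> IdMap:
    """Parse uid_map/gid_map text into (inside, outside, length) triples."""
    entries: IdMap = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"non-positive range length: {line!r}")
        entries.append((inside, outside, length))
    return entries


def container_to_host(ns_id: int, id_map: IdMap) -> int:
    """Host-side id for an id seen inside the namespace."""
    for inside, outside, length in id_map:
        if inside <= ns_id < inside + length:
            return outside + (ns_id - inside)
    return OVERFLOW_ID  # unmapped: shows up as nobody on the host


def host_to_container(host_id: int, id_map: IdMap) -> int:
    """Namespace-side id for a host id, or OVERFLOW_ID if unmapped."""
    for inside, outside, length in id_map:
        if outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return OVERFLOW_ID


def root_is_mapped_to_host_root(id_map: IdMap) -> bool:
    """True when uid 0 inside maps to uid 0 on the host: the unsafe case."""
    return container_to_host(0, id_map) == 0


def user_ns_enabled(config_text: str) -> bool:
    """Check decompressed /proc/config.gz text for CONFIG_USER_NS=y."""
    return re.search(r"^CONFIG_USER_NS=y$", config_text, re.M) is not None
```

Reading a real map is `parse_id_map(open("/proc/self/uid_map").read())`; in the initial namespace the map is the identity `0 0 4294967295`, so root_is_mapped_to_host_root() returns True there by design.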