non-root users should be perfectly safe inside a container. the problem could arise if they gain root privileges through a flaw in other software, kernel or userspace, but this should apply also for physical hosts: in lxc containers your can mitigate this with dropping some capabilities or using other additional methods, Olivier suggested a useful SMACK setup a month ago
http://www.mail-archive.com/[email protected]/msg02382.html Matteo ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ Lxc-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lxc-users
