"Fajar A. Nugraha"
writes:
> On Fri, Nov 28, 2014 at 12:08 AM, Raimund Berger
>
> wrote:
>
>> I'm asking since, as root, I'm guessing it might be easier to map select
>> devices - like OSS audio - into a container, even when mapping uids too,
>> which seems to be pretty much impossible to do wi
On Fri, Nov 28, 2014 at 12:08 AM, Raimund Berger
wrote:
> I'm asking since, as root, I'm guessing it might be easier to map select
> devices - like OSS audio - into a container, even when mapping uids too,
> which seems to be pretty much impossible to do with unprivileged
> containers (for good r
Hi
a brief question from somebody uninitiated: would, from a security point
of view, running a privileged container with (mapped) subuids - and a
subuid'ed root in particular - be roughly as good as running an
unprivileged one?
I mean, the processes running inside the container would still be
unp