Comment on: Dedicated service user or not?
iii@mander.xyz 2 days ago
One of my clients got hacked via an insecure application that was used to get a shell, then escalate to root via docker. Luckily it was a white hat team we hired.
Is it worth it to go rootless? Depends on your threat model.
mat@jlai.lu 2 days ago
I am already running rootless podman. My question is more about dedicated service users vs single user to run everything, still in rootless podman. I like podman and its integration with systemd to manage the life cycle of the container compared to docker.
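An added example (not from either commenter) sketching the per-service-user layout mat describes: one rootless podman user per service, each with its own /etc/subuid and /etc/subgid range, and a quadlet unit that the user's systemd instance manages. User names, the 200000 ID base, the nologin path and the image are constructed placeholders; the root-only commands are printed, not executed.

```shell
#!/bin/sh
# Subordinate ID line for the n-th service user (n starts at 0).
# Each user gets 65536 IDs starting at 200000 (assumed free base;
# check existing /etc/subuid entries before using it).
subid_line() {
    user="$1"; n="$2"
    base=$((200000 + n * 65536))
    printf '%s:%d:65536\n' "$user" "$base"
}

# Quadlet unit for ~/.config/containers/systemd/<name>.container in the
# service user's home; podman's systemd generator turns it into <name>.service.
quadlet_unit() {
    name="$1"; image="$2"
    cat <<EOF
[Unit]
Description=$name (rootless podman, dedicated service user)

[Container]
Image=$image
ContainerName=$name
# Drop every capability the service does not explicitly need.
DropCapability=ALL
NoNewPrivileges=true
ReadOnly=true

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
EOF
}

# Root-side provisioning for one service user, printed for review.
provision_cmds() {
    user="$1"; n="$2"
    echo "useradd --system --create-home --shell /usr/sbin/nologin $user"
    echo "echo '$(subid_line "$user" "$n")' >> /etc/subuid"
    echo "echo '$(subid_line "$user" "$n")' >> /etc/subgid"
    # Linger keeps the user's systemd instance (and containers) up without a login.
    echo "loginctl enable-linger $user"
}

provision_cmds svc-web 0
quadlet_unit web docker.io/library/nginx:stable
```

After provisioning, the unit is enabled from the service user's own session (for example via `machinectl shell svc-web@`), so a compromise of one service stays confined to that user's ID range.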