Comment on Does running applications inside a container as an unprivileged user have any security benefits?
sudneo@lemmy.world 1 year ago
Not really true, containers are based on namespaces, which have always also been a security feature. Chroot has been a common “system” technique, after all.
Containers help security if built properly, and it’s easier to build a container securely (and run them), compared to proper SystemD unit security.
ck_@discuss.tchncs.de 1 year ago
Not correct.
Not correct.
sudneo@lemmy.world 1 year ago
OK :)
So chroot has not been used to isolate processes for decades to a confined view of the filesystem (especially in combo with a restricted shell), and for example the networking namespace is not used to limit the impact on a compromise on the firewall, the user namespace is not used to allow privileged processes to run de facto unprivileged.
Whatever you say
wreckedcarzz@lemmy.world 1 year ago
[citation needed]