[citation needed]
Comment on Does running applications inside a container as an unprivileged user have any security benefits?
ck_@discuss.tchncs.de 1 year ago
containers are based on namespaces which have always been also a security feature.
Not correct.
Chroot has been a common “system” technique, after all.
Not correct.
wreckedcarzz@lemmy.world 1 year ago
sudneo@lemmy.world 1 year ago
OK :)
So chroot has not been used to isolate processes for decades to a confined view of the filesystem (especially in combo with a restricted shell), and for example the networking namespace is not used to limit the impact on a compromise on the firewall, the user namespace is not used to allow privileged processes to run de facto unprivileged.
Whatever you say