So many of the bugs in that code become local privilege escalation. Containers hurt security overall.
Replying to @CopperheadOS @stribika and
Well userns was implemented totally wrong, as direct remapping rather than a layer in between...
Replying to @RichFelker @CopperheadOS and
In principle you could disable it and do secure containers fully with ptrace+seccomp, I think...
Replying to @RichFelker @stribika and
Problem is OS containers. They want to be able to boot a fully functional OS without privileges...
Replying to @CopperheadOS @RichFelker and
So they've ended up exposing a huge amount of functionality previously accessible only to root.
Replying to @CopperheadOS @stribika and
The problem is that they exposed it rather than virtualizing it. Latter should be possible w/seccomp
Replying to @RichFelker @stribika and
An example is that containers have access to all of netfilter for setting up their own firewall rules.
Replying to @CopperheadOS @stribika and
Totally understand what you mean. I'm saying their access should be only to a virtual netfilter...
Replying to @RichFelker @CopperheadOS and
...running in userspace as the uid that created the container with no special access to real kernel.
Replying to @RichFelker @stribika and
Virtual machines would end up being faster. Really hoping that https://lwn.net/Articles/644675/ is a success.
I don't think so, and they seriously require kernel-level facilities (MMU virtualization).