Are priviledged less secure then unpreviledged containers

If a user manages to get root access to a privileged container, they can reasonably easily gain root on the host. If there is no way for the user to gain root access in the container, then it’s not so bad.

In an unprivileged container, even gaining root access in the container isn’t really a big deal as you’re still an unprivileged user as far as the kernel is concerned. Yes, you do own some kernel resources (namespaces, network devices, …) but those privileges are tied to those devices and can’t be used against the host.

2 Likes