You might say ‘just use a vm’ but I want the advantage of using the whole system’s resources while also having program isolation to test the suspect program.
In an unprivileged container is it secure (nothing is 100% but how secure compared to a vm) to run a program you think may contain a virus for example?
If you made the container without network access and unprivileged is it going to stop anything nasty getting out most likely?
I know there have been reported vulnerabilities with lxc containers but lxc containers I doubt would be the focus when injecting viruses into files since it is a very small use case. I mean when people add a malware to a file they want to target the biggest user base don’t they. So isn’t it the case that they wouldn’t spend their time focusing on breaking out of containers unless they only had that intent in mind from the get go?
I.e. wouldn’t the main threat be whether the virus intended for a linux OS in general were able to infect the host system via the container, and my question is would this be likely on an unprivileged container?
If not secure ‘out of the box’ can it be made to be pretty good with tweaks?