I have ran several containers in past on a friend’s system and also in my lab where I see other users getting access to the same node when it is free. This makes my containers vulnerable for quick access through
lxc exec command. I think I am not the only one who has faced this vulnerability in past.
From the security perspective I really feel that there needs to be an option for securing the console access of a lxd container with a password.
Thus, I request for an option to add password to restrict console access.
I think this feature can be added as follows:
An option can be added in lxd container profile that keeps the container password in encrypted format. Then on running
lxc exec command it checks if the password is present in profile and if it exists then it should prompt for entering a password. On entering the password the command verifies if the encrypted password stored in lxc profile matches with the entered password the user is granted access.
This would save a lot of hassle in terms of container security.