How secure is security.nesting=true?

(Saul Costa) #1

How secure is a container running with security.nesting=true? Unprivileged, but with a root user inside the container.


#2

With security.nesting=true for CONTAINER1, you have something like:

HOST-LXD[ CONTAINER1-LXD[ MYCONTAINER1, MYCONTAINER2 ] ]

Any potential risk would affect the parts that are in bold, not the host.


(Saul Costa) #3

Thanks for the fast response. MYCONTAINER1, etc. being nested LXD or Docker containers?


#4

I think it's either kind of container (LXD, Docker, etc.) as a nested container.