How secure is a container running with security.nesting=true? Unprivileged, but with a root user inside the container.
With security.nesting=true for CONTAINER1, you have something like
HOST-LXD[ CONTAINER1-LXD[ MYCONTAINER1, MYCONTAINER2 ] ]
Any potential risk would affect the parts that are in bold, not the host.
Thanks for the fast response. MYCONTAINER1 etc being nested LXD or Docker containers?
I think it’s either container (LXD, Docker, etc) as nested container.