Greetings, all. First and foremost, thank you for providing this forum; it is an invaluable service.
My post is about best practices to secure LXD. I have the following questions:
- Are LXD containers by default unprivileged (assuming I run LXD as a non-root user on the host; the non-root user has sudo privileges)?
- Normally when I want to execute within a container I will use “lxc exec -- /bin/bash”. This will initiate a session as root. Is this inherently insecure? Should I be initiating sessions as a non-root user w/ sudo privileges?
Any other suggestions to make my LXD use more secure? 99% of my containers are services that run in the background (nextcloud, airsonic, plexmediaserver, HAProxy, etc.) but I do run Firefox in an LXD container.