Hi, I have a few questions regarding security aspects of LXD.
Do I understand it correctly that since the LXD daemon runs with root privileges on the host it does not matter which user is running the lxd/lxc commands? Or does it?
Is there a difference security-wise between running lxd init and all the lxc commands as root versus as a user with sudo permissions versus a restricted user without sudo permissions and possibly even running a restricted shell (rbash)?
On https://ubuntu.com/blog/custom-user-mappings-in-lxd-containers Stéphane writes about the downsides of per container maps: “It’s effectively impossible to share storage between two isolated containers as everything written by one will be seen as -1 by the other.”
I don’t understand that. One could simply set up a host directory giving read and/or write permissions to the host UIDs the container UIDs map to using ACLs and bind mount it in the two containers with separate user mappings. Or would that not work for some reason? Even simpler, even though less secure, one could set up a shared host directory along the lines of /tmp which all containers could share irrespective of their UID/GID mappings. Or is there a catch I don’t see?
What do you guys think of capsule8 and this article there: https://capsule8.com/blog/practical-container-escape-exercise/ ?
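The uid-mapping question in the post (why a file written by one isolated container shows up as -1/nobody in another, and whether host-side ACLs on the mapped UIDs still grant access) can be modelled without a running LXD. The block below is an added example, not code from the post or from the LXD project; the idmap bases, the `IdMap`/`permitted` helpers and the scenario values are constructed, and the permission check is a simplified model of the kernel's owner / named-user ACL / other logic (no group entries, no ACL mask).

```python
"""Model of per-container uid maps meeting a shared host directory.

Constructed example: two isolated containers with disjoint maps, a file
written by root in the first, and a host-side ACL entry for the second.
"""
from dataclasses import dataclass

# Inside a user namespace an unmapped kernel uid is shown as the overflow uid
# (65534, "nobody"); older tools print it as -1, which is what the blog means.
OVERFLOW_UID = 65534


@dataclass(frozen=True)
class IdMap:
    name: str
    host_base: int  # host uid that container uid 0 maps to (constructed values)
    count: int      # size of the mapped range

    def to_host(self, uid: int) -> int:
        """Container uid -> kernel (host) uid; raises if the uid is not mapped."""
        if not 0 <= uid < self.count:
            raise ValueError(f"uid {uid} is not mapped in {self.name}")
        return self.host_base + uid

    def to_container(self, kuid: int) -> int:
        """Kernel uid -> uid as seen inside this container, or the overflow uid."""
        if self.host_base <= kuid < self.host_base + self.count:
            return kuid - self.host_base
        return OVERFLOW_UID


def permitted(owner_kuid, owner_mode, other_mode, acl, requester_kuid, want):
    """Simplified POSIX ACL check on kernel uids: owner entry first, then a
    named-user ACL entry (acl maps host uid -> e.g. "rw"), then 'other'.
    The kernel compares kernel uids, so the check is independent of how the
    requesting container sees the file's owner."""
    if requester_kuid == owner_kuid:
        return all(c in owner_mode for c in want)
    if requester_kuid in acl:
        return all(c in acl[requester_kuid] for c in want)
    return all(c in other_mode for c in want)


A = IdMap("c1", 1_000_000, 65536)  # constructed maps, disjoint like per-container maps
B = IdMap("c2", 2_000_000, 65536)


def scenario():
    owner = A.to_host(0)                  # root in c1 writes a file: kuid 1000000
    seen_from_b = B.to_container(owner)   # c2 sees the owner as nobody (65534)
    acl = {B.to_host(0): "rw"}            # host side: ACL entry for uid 2000000
    root_b_writes = permitted(owner, "rw", "r", acl, B.to_host(0), "w")
    user_b_writes = permitted(owner, "rw", "r", acl, B.to_host(1000), "w")
    return seen_from_b, root_b_writes, user_b_writes
```

So the ownership really does show as nobody from the other container, but an ACL entry on the mapped host uid is still honoured, because the kernel checks the mapped (host) uid, not the uid the container displays.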