I’m new to the container world. Does it have any security benefits when I run my applications as a non-root user in a docker container? And how about Podman? There I’ll run the container as an unprivileged user anyway. Would changing the user in the container achieve anything?

  • sudneo@lemmy.worldEnglish
    11·
    1 year ago

    Not really true, containers are based on namespaces which have always been also a security feature. Chroot has been a common “system” technique, afterall.

    Containers help security if built properly, and it’s easier to build a container securely (and run them), compared to proper SystemD unit security.

    • ck_@discuss.tchncs.deEnglish
      18·
      1 year ago

      containers are based on namespaces which have always been also a security feature.

      Incorrect.

      Chroot has been a common “system” technique, afterall.

      Incorrect.

      • sudneo@lemmy.worldEnglish
        4·
        1 year ago

        OK :)

        So chroot has not been used to isolate processes for decades to a confined view of the filesystem (especially in combo with a restricted shell), and for example the networking namespace is not used to limit the impact on a compromise on the firewall, the user namespace is not used to allow privileged processes to run de-facto unprivileged.

        Whatever you say