I’m new to the container world. Does it have any security benefits when I run my applications as a non-root user in a docker container? And how about Podman? There I’ll run the container as an unprivileged user anyway. Would changing the user in the container achieve anything?

  • ck_@discuss.tchncs.de · 1 upvote, 8 downvotes · edited · 10 months ago

    > containers are based on namespaces which have always been also a security feature.

    Incorrect.

    > Chroot has been a common “system” technique, after all.

    Incorrect.

    • sudneo@lemmy.world · 4 upvotes · 10 months ago

      OK :)

      So chroot has not been used for decades to isolate processes to a confined view of the filesystem (especially in combination with a restricted shell), the networking namespace is not used, for example, to limit the impact of a compromise on the firewall, and the user namespace is not used to allow privileged processes to run de facto unprivileged.

      Whatever you say
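The user-namespace point above is easy to check for yourself, and it answers the original question about rootless Podman: what "uid 0 inside the container" means on the host is spelled out in /proc/<pid>/uid_map. The script below is an added example, not code from anyone in this thread. It decodes that file's format (each line is `inner outer count`), maps an in-container uid to its host uid, and reports what a process would be on the host side of the boundary. The two sample maps are constructed: the identity map is what Docker's default (no user namespace) looks like, and the two-line map is typical of a rootless container whose owner is host uid 1000 with a subordinate range starting at 100000. It assumes the kernel's default overflow uid of 65534 for unmapped ids.

```shell
#!/bin/sh
# Added example, not from the thread: decode /proc/<pid>/uid_map to see what
# "root inside the container" corresponds to on the host.
# Each uid_map line is "<inner-uid> <outer-uid> <count>": inner uids
# [inner, inner+count) map to host uids [outer, outer+count).

# map_uid <uid-in-namespace> "<uid_map contents>"
# Prints the host uid the given in-namespace uid maps to, or "unmapped" if no
# range covers it (the kernel then shows it as the overflow uid, 65534 by default).
map_uid() {
    printf '%s\n' "$2" | awk -v uid="$1" '
        NF == 3 && uid >= $1 && uid < $1 + $3 { print $2 + (uid - $1); found = 1; exit }
        END { if (!found) print "unmapped" }'
}

# classify_uid_map "<uid_map contents>"
# initial-ns  : identity map "0 0 4294967295", i.e. no user namespace between
#               this process and the host (Docker's default, or a bare host)
# root-mapped : uid 0 inside maps to a non-zero host uid (rootless Podman)
# host-root   : a user namespace exists, but uid 0 inside is still host uid 0
# no-root     : uid 0 is not mapped at all in this namespace
classify_uid_map() {
    case "$(map_uid 0 "$1")" in
        unmapped) echo no-root ;;
        0) if [ "$(printf '%s\n' "$1" | awk 'NF==3{print $1,$2,$3}')" = "0 0 4294967295" ]
           then echo initial-ns; else echo host-root; fi ;;
        *) echo root-mapped ;;
    esac
}

# host_identity <uid-in-namespace> "<uid_map contents>"
# What a process on the far side of the namespace boundary is to the host:
# the uid the kernel checks for file access and capabilities on host objects.
host_identity() {
    host=$(map_uid "$1" "$2")
    case "$host" in
        unmapped) echo "host uid 65534 (overflow/nobody)" ;;
        0)        echo "host root" ;;
        *)        echo "host uid $host" ;;
    esac
}

# Constructed sample maps (the leading spaces mimic the kernel's formatting).
DOCKER_DEFAULT_MAP='         0          0 4294967295'
ROOTLESS_MAP='         0       1000          1
         1     100000      65536'

# Live check when run on Linux; falls back to the identity map elsewhere.
self_report() {
    map=$(cat /proc/self/uid_map 2>/dev/null || printf '%s' "$DOCKER_DEFAULT_MAP")
    echo "uid $(id -u) in a $(classify_uid_map "$map") namespace -> $(host_identity "$(id -u)" "$map")"
}

if [ "${1:-}" = "--demo" ]; then
    echo "docker default, root in container: $(host_identity 0 "$DOCKER_DEFAULT_MAP")"
    echo "docker default, uid 1001:          $(host_identity 1001 "$DOCKER_DEFAULT_MAP")"
    echo "rootless,       root in container: $(host_identity 0 "$ROOTLESS_MAP")"
    echo "rootless,       uid 1001:          $(host_identity 1001 "$ROOTLESS_MAP")"
    self_report
fi
```

Run it with `--demo` on the host, then again inside a container (`sh script.sh --demo` after copying it in) to compare. With the identity map, root in the container is host root, so switching the application to a non-root user is the only thing standing between a container escape and host root. In the rootless map, root inside is already host uid 1000, but it still owns everything in the container and holds capabilities within the namespace, so dropping to an ordinary uid there still removes privilege that an attacker could otherwise use inside the container and against the owner's files.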