From: Chloe Kudryavtsev
To: alpine-user@lists.alpinelinux.org
Date: Sun, 16 Jun 2019 12:44:16 -0400
Subject: Re: [alpine-user] liblxc segfaults when trying to start unprivileged container
Message-ID: <38573bec-929a-4800-7394-5786453dc563@toastin.space>
In-Reply-To: <20190616173409.0a99d8d8aa40165b1e1eec1d@googlemail.com>
References: <20190304235659.b64e6019003b26b4edcb2a67@googlemail.com>
 <988908273.7812074.1553849007859@mail.yahoo.com>
 <20190616173409.0a99d8d8aa40165b1e1eec1d@googlemail.com>

On 6/16/2019 11:34 AM, Daniel Kulesz wrote:
> Hi Chloe,

Heya.

> Would you argue that running unprivileged containers as root is more
> secure than enabling this option and running unprivileged containers
> as non-root?

That kind of depends - these are different things with different concerns:

1. Running subuid (unprivileged) containers as root.
2. Having unprivileged user namespaces enabled.

It's hard to actually claim having one is "more secure" than the other,
since it'd be like comparing apples and oranges.

I personally prefer doing the former, through lxd, but that shouldn't
necessarily dictate what you do.

However, to be pedantic, I'm going to answer your question as-asked.
Running unprivileged containers as a user is undeniably more secure (or,
at least, of equivalent security) to running unprivileged containers as
root. The concern is not with the containers, but with the unprivileged
userns option being enabled at all.

> P.S.
> I found a promising tutorial for running unprivileged containers as root:
>
> https://blog.benoitblanchon.fr/lxc-unprivileged-container/

You run unprivileged containers as root the same way you run them as
non-root, just while being root.

I'd also recommend following upstream's documentation [1] rather than
arbitrary tutorials.

P.S. In case any of the above is unclear, do feel free to ask for further
explanations. Having a general understanding of Linux namespaces and
setuid mechanics should be enough, though.

Recommended reading (just in case it's sufficient without requiring any
further explanation):
- setuid(2)
- namespaces(7), including "see also"
- https://lwn.net/Articles/531114/#series_index (especially part 5)
- https://lwn.net/Articles/543273/

[1]: https://linuxcontainers.org/lxc/getting-started/#creating-unprivileged-containers-as-root
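The reply above keeps two things apart: a container run by root that maps its uids onto a subordinate range from /etc/subuid, and a kernel that lets any ordinary user create a user namespace at all. The following is an added example (not code from the mail, from LXC or from Alpine; Linux only) that makes both concrete. probe_unprivileged_userns() forks a child, drops to an unprivileged uid if it started as root, calls unshare(CLONE_NEWUSER) and tries to map its own uid to 0, so it reports whether unprivileged user namespaces are available on the host it runs on. subuid_lookup() and idmap_line() parse /etc/subuid-style text and render the lxc.idmap line an unprivileged container (started by root or by a user) would get. The /etc/subuid content, the uid 65534 used as the unprivileged identity and the "no subordinate range below 65536" policy in subuid_range_ok() are all assumptions made for the example.

```c
/* Added example, not from the mail, LXC or Alpine.  Linux only.
 * probe_unprivileged_userns(): can an UNPRIVILEGED process create a user
 *   namespace and become uid 0 inside it?  That is what "unprivileged user
 *   namespaces enabled" means; a container-as-root setup does not need it.
 * subuid_lookup()/idmap_line(): which subordinate uid range container uid 0
 *   is mapped onto, read from /etc/subuid-style text (constructed below). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define NOBODY_UID 65534UL   /* assumption: a harmless unprivileged uid */
#define MIN_SUBUID 65536UL   /* assumed policy: stay clear of real host uids */

/* Constructed /etc/subuid content, not taken from any real host. */
static const char SAMPLE_SUBUID[] =
    "root:100000:65536\n"
    "alice:165536:65536\n"
    "bob:bad:entry\n";

/* Returns 0 if an unprivileged process could create a userns and map itself
 * to uid 0, the errno it hit otherwise, or -1 if fork/wait failed. */
int probe_unprivileged_userns(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Started as root?  Drop to an ordinary uid so the probe is honest. */
        if (geteuid() == 0 && setresuid(NOBODY_UID, NOBODY_UID, NOBODY_UID))
            _exit(errno);
        uid_t outer = geteuid();  /* read before unshare: an unmapped ns reports the overflow uid */
        if (unshare(CLONE_NEWUSER) != 0)
            _exit(errno);
        /* An unprivileged writer may map exactly one line: its own outer uid. */
        char map[32];
        int n = snprintf(map, sizeof map, "0 %u 1\n", (unsigned)outer);
        int fd = open("/proc/self/uid_map", O_WRONLY);
        if (fd < 0 || write(fd, map, (size_t)n) != n)
            _exit(errno ? errno : EIO);
        close(fd);
        _exit(geteuid() == 0 ? 0 : EPERM);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Find the first well-formed "user:start:count" line for user. 1 = found. */
int subuid_lookup(const char *text, const char *user,
                  unsigned long *start, unsigned long *count)
{
    size_t ulen = strlen(user);
    for (const char *line = text; *line; ) {
        const char *eol = strchr(line, '\n');
        if (strncmp(line, user, ulen) == 0 && line[ulen] == ':') {
            char *end;
            unsigned long s = strtoul(line + ulen + 1, &end, 10);
            if (*end == ':') {
                unsigned long c = strtoul(end + 1, &end, 10);
                if (c > 0 && (*end == '\n' || *end == '\0')) {
                    *start = s;
                    *count = c;
                    return 1;
                }
            }
        }
        if (!eol)
            break;
        line = eol + 1;
    }
    return 0;
}

/* Reject ranges that include uid 0, wrap around, or overlap host uids. */
int subuid_range_ok(unsigned long start, unsigned long count)
{
    return start >= MIN_SUBUID && count > 0 &&
           start + count > start && start + count <= 0xFFFFFFFEUL;
}

/* lxc.idmap line mapping container uid 0.. onto the user's subordinate range,
 * or NULL when the user has no usable range.  Uses a static buffer. */
const char *idmap_line(const char *user)
{
    static char buf[64];
    unsigned long start, count;
    if (!subuid_lookup(SAMPLE_SUBUID, user, &start, &count) ||
        !subuid_range_ok(start, count))
        return NULL;
    snprintf(buf, sizeof buf, "lxc.idmap = u 0 %lu %lu", start, count);
    return buf;
}

int main(void)
{
    int r = probe_unprivileged_userns();
    if (r == 0)
        puts("unprivileged user namespaces: ENABLED (ordinary user became uid 0 in a userns)");
    else
        printf("unprivileged user namespaces: not available here (%s)\n",
               r > 0 ? strerror(r) : "probe failed");
    const char *users[] = { "root", "alice", "bob" };
    for (size_t i = 0; i < 3; i++) {
        const char *l = idmap_line(users[i]);
        printf("%s: %s\n", users[i], l ? l : "no usable /etc/subuid range");
    }
    return 0;
}
```

Run it once as an ordinary user on the host: a 0 from the probe means any local account can already get uid 0 inside its own user namespace, which is the condition the reply is uneasy about, independent of whether any container is running. The idmap lines show that root and a regular user get the same kind of subordinate mapping, so "unprivileged container as root" changes who launches the container, not how its uids are confined.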