I’m new to the container world. Does it have any security benefits when I run my applications as a non-root user in a docker container? And how about Podman? There I’ll run the container as an unprivileged user anyway. Would changing the user in the container achieve anything?

  • sudneo@lemmy.worldEnglish
    9·
    11 months ago

    Not really true, containers are based on namespaces which have always been also a security feature. Chroot has been a common “system” technique, afterall.

    Containers help security if built properly, and it’s easier to build a container securely (and run them), compared to proper SystemD unit security.

    • ck_@discuss.tchncs.deEnglish
      16·
      11 months ago

      containers are based on namespaces which have always been also a security feature.

      Incorrect.

      Chroot has been a common “system” technique, afterall.

      Incorrect.

      • sudneo@lemmy.worldEnglish
        3·
        11 months ago

        OK :)

        So chroot has not been used to isolate processes for decades to a confined view of the filesystem (especially in combo with a restricted shell), and for example the networking namespace is not used to limit the impact on a compromise on the firewall, the user namespace is not used to allow privileged processes to run de-facto unprivileged.

        Whatever you say