Embedded Files
Introduction
Introduction
Laymen explanation
Laymen explanation
Assume that you keep your bike key in a box which contains some material. Although bike keep is hidden in the box, it is not safe. Consider that someone could manage to open the box in your absence and found the bike key, your bike key is in risk. It is happening since bike key is kept at relatively unsafe place. Similar will be the case with running Linux container in privileged mode.
Technical explanation
Technical explanation
In general, running an unprivileged container is considered safer than running a privileged container since unprivileged containers have an increased degree of isolation by virtue of their design. Key to this is the mapping of the root UID in the container to a non-root UID on the host which makes it more difficult for a hack within the container to lead to consequences on host system. In other words, if an attacker manages to escape the container, he or she should find themselves with no rights on the host
Reference
Reference
https://wiki.archlinux.org/index.php/Linux_Containers
Page updated
Google Sites
Report abuse