Show HN: Rootful containers can be more secure than rootless ones [Podman] (github.com)
While rootless containers are suitable for user-managed containers on a system, for server-based container deployments, utilizing the "--userns=auto" option provides a more secure solution in Podman.
In Podman, when running containers in a non-privileged environment (rootless), they operate within the same user namespace, potentially leading to attacks between containers.
However, running the containers as root (rootful) with the "--userns auto" flag, Podman ensures isolation within distinct user namespaces, thereby enhancing security.
0 comments
[ 3.1 ms ] story [ 14.2 ms ] threadNo comments yet.