I haven't been able to figure out if I should or should not use a custom kernel with user namespaces in order to use unprivileged containers, i.e. if they would be the advised way to use containers vs. the privileged default ones Arch would use out of the box.
If I am the only person using the containers, is it still recommended to use unprivileged containers, or is it mostly unneeded? I only want the containers to run several instances of OpenVPN (again, only for my own use, to run a certain script with IP diversity). I will be connecting to a public VPN though, so I don't know if that changes matters in terms of security, not knowing the legitimacy of the clients.
I read that both pose security risks, in that root will be a security risk but having user namespaces activated is also a security risk. So which is the better way to go, bearing in mind my intended use case stated above?
Last edited by MarthaParkin (2017-12-17 19:32:38)
Why don't you instead enable user namespaces via the runtime sysctl knob in the default kernel?
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
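Added example, not part of the original thread: a shell function that reports whether unprivileged user namespaces are currently usable, so the runtime knob mentioned above can be checked before and after changing it. The thread does not name the knob; this assumes the distribution-patched `kernel.unprivileged_userns_clone` sysctl (carried by Arch and Debian kernels) alongside the upstream `user.max_user_namespaces` limit, and the function name and status strings are illustrative.

```shell
#!/bin/sh
# Report whether unprivileged users can create user namespaces.
# $1 optionally overrides the sysctl root (default /proc/sys) so the
# logic can be exercised against a constructed directory tree.
userns_status() {
    proc_sys="${1:-/proc/sys}"
    max_file="$proc_sys/user/max_user_namespaces"
    clone_file="$proc_sys/kernel/unprivileged_userns_clone"

    # Limit file absent: kernel built without CONFIG_USER_NS, or a
    # kernel too old to expose this limit.
    if [ ! -r "$max_file" ]; then
        echo "unsupported"
        return 0
    fi

    # A limit of 0 blocks user namespace creation for everyone.
    if [ "$(cat "$max_file")" -eq 0 ]; then
        echo "disabled-by-limit"
        return 0
    fi

    # Distribution patch: separate on/off switch for unprivileged users.
    if [ -r "$clone_file" ]; then
        if [ "$(cat "$clone_file")" -eq 1 ]; then
            echo "enabled"
        else
            echo "disabled-by-sysctl"
        fi
        return 0
    fi

    # No distribution switch present: upstream default applies.
    echo "enabled"
}

# Enable at runtime (as root):  sysctl kernel.unprivileged_userns_clone=1
# Persist across reboots: put that key=value line in /etc/sysctl.d/*.conf
userns_status
```

A result of `disabled-by-sysctl` means the stock kernel already supports user namespaces and only the runtime switch is off, so no custom kernel build is needed.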