
#1 2017-12-17 19:30:58

MarthaParkin
Member
Registered: 2016-03-19
Posts: 232

Custom kernel for user namespaces or not for using containers?

I haven't been able to figure out if I should or should not use a custom kernel with user namespaces in order to use unprivileged containers, i.e. if they would be the advised way to use containers vs. the privileged default ones Arch would use out of the box.

If I am the only person using the containers, is it still recommended to use unprivileged containers or is it mostly unneeded? I only want the containers to run several instances of OpenVPN (again, only for my own use, to run a certain script with IP diversity). I will be connecting to a public VPN though, so I don't know if that changes matters in terms of security, not knowing the legitimacy of the clients.

I read that both pose security risks, in that root will be a security risk but also that having user namespaces activated is also a security risk. So which is the better way to go, bearing in mind my intended use case stated above?

Last edited by MarthaParkin (2017-12-17 19:32:38)


#2 2017-12-18 00:49:16

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Custom kernel for user namespaces or not for using containers?

Why don't you instead enable user namespaces via the runtime sysctl knob in the default kernel?

https://bugs.archlinux.org/task/36969


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
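
A way to check what state the runtime knob is in before deciding whether a custom kernel is needed at all. This is an added example, not part of either post. It assumes the knob is `kernel.unprivileged_userns_clone` (the sysctl carried by distribution-patched kernels) alongside the upstream `user.max_user_namespaces` limit; the function name `userns_state` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether unprivileged user
# namespaces are currently permitted, by reading the kernel's own files.
#
# Assumptions:
#   kernel.unprivileged_userns_clone  distribution-patched on/off knob
#   user.max_user_namespaces          upstream per-namespace limit (0 = none)
# Only these two sysctls are inspected; seccomp or LSM policy may still block
# namespace creation for a given process.

# userns_state [PROC_ROOT]
# Prints one of: unsupported, disabled-by-knob, disabled-by-limit, enabled.
# PROC_ROOT defaults to /proc; passing another directory lets the logic be
# exercised against a constructed tree.
userns_state() {
    proc="${1:-/proc}"
    knob="$proc/sys/kernel/unprivileged_userns_clone"
    limit="$proc/sys/user/max_user_namespaces"

    # The user namespace link is absent when the kernel lacks CONFIG_USER_NS.
    if [ ! -e "$proc/self/ns/user" ] && [ ! -L "$proc/self/ns/user" ]; then
        echo unsupported
        return 0
    fi
    # Patched kernels: 0 means only root may create user namespaces.
    if [ -r "$knob" ] && [ "$(cat "$knob")" = "0" ]; then
        echo disabled-by-knob
        return 0
    fi
    # Upstream limit: 0 means no user namespaces may be created at all.
    if [ -r "$limit" ] && [ "$(cat "$limit")" = "0" ]; then
        echo disabled-by-limit
        return 0
    fi
    echo enabled
}

# Report the state of the running system.
userns_state /proc
```

If the result is `disabled-by-knob`, the stock kernel already has the feature compiled in and it is switched at runtime with `sysctl`, so a custom kernel is not required for unprivileged containers.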
