If a hacker breaks out of docker when running inside LXC nested mode, would the proxmox host be compromised?
Probably. We always recommend docker inside a VM.
LXC is running in unprivileged mode, can the proxmox host be compromised?
No, this is the default and safe setting.
I am confused.
I talked about unpriv CT (not nesting). Please use only VM for docker if security is a concern for you.
Um... I am referring to unpriv CT with nesting enabled because without nesting docker won't run...?
I know. I am writing it now for the third time. Please do not run docker inside LXC, use a VM.
I hope you got the point now ...