If a hacker breaks out of docker when running inside LXC nested mode, would the proxmox host be compromised?

[proxmoxrks]

If a hacker breaks out of docker when running inside LXC nested mode, would the proxmox host be compromised?

 

[tom]

If a hacker breaks out of docker when running inside LXC nested mode, would the proxmox host be compromised?

Probably. We always recommend docker inside a VM.

 

[proxmoxrks]

Probably. We always recommend docker inside a VM.

LXC is running in unprivileged mode, can the proxmox host be compromised?

 

[tom]

LXC is running in unprivileged mode, can the proxmox host be compromised?

No, this is the default and save setting.

 

[proxmoxrks]

No, this is the default and save setting.

I am confused.

If a hacker breaks out of docker running inside unprivileged LXC (nesting), would the proxmox host be compromised?

 

[tom]

I am confused.

I talked about unpriv CT (not nesting). Please use only VM for docker if security is a concern for you.

 

[proxmoxrks]

I talked about unpriv CT (not nesting). Please use only VM for docker if security is a concern for you.

Um... I am referring to unpriv CT with nesting enabled because without nesting docker won't run...?

 

[tom]

Um... I am referring to unpriv CT with nesting enabled because without nesting docker won't run...?

I know. I write it now the third time. Please do not run docker inside LXC, use a VM.

I hope you got now the point ...

 

[proxmoxrks]

I know. I write it now the third time. Please do not run docker inside LXC, use a VM.

I hope you got now the point ...

Thanks.