Hello,
I'd like to set up a collection of unprivileged containers, each with access to a different ZFS dataset. Since the default mapping between host and container UID/GID is always the same, this seems to introduce a security risk. If a container is compromised, the attacker could access all datasets on the host if the owner, for example, is always set to the root of the container (so the UID would always be 100000). How would I mitigate this risk?
Currently, I'm considering making the mapped spaces disjoint between the containers. For example, container 1 would have the following mapping:
lxc.idmap = u 0 100000 10000
lxc.idmap = g 0 100000 10000
Container 2 would have:
lxc.idmap = u 0 110000 10000
lxc.idmap = g 0 110000 10000
And so on. This way, the UIDs/GIDs in container 1 would be mapped to 100000-109999, and the UIDs in container 2 would be mapped to 110000-119999. Is this a good approach, or are there better ways to mitigate this risk?
Thanks for your help!