VM vs containers

Happy New Year y'all!
Wouldn't it be safer to always install VMs instead of sometimes containers too? If a container has been compromised, Proxmox's OS will be as well?
Best, Jos
 
Yes, in case of a compromised guest a VM would be the safest and a privileged LXC the most vulnerable, with unprivileged LXCs in between.
Because of that I personally only use LXCs for stuff that is not attackable from the internet and accept the additional overhead.
 
Ok, so the safest is running Docker in a VM instead of as a container. With the availability of a zillion Docker containers the chance of using one with a backdoor is likely possible.
 
Maybe you can also have a look at Podman, which will eventually replace Docker. Most enterprise Linux distributions have already switched to Podman. You need to know that it is not and will not be a drop-in replacement for Docker, because of all the security implications, e.g. docker-compose (or podman-compose) is very similar, but not directly compatible due to the stricter security, especially when it comes to networking.