hi
I plan to install some internet facing services on LXC, and I 'm reviewing the security.
The scenario is the worst case: the attacker has RCE with root privileges on the LXC.
will he be contained there?
The LXC is of course unprivileged.
I'm not considering any 0days of the kernel/OS, these are part of life and will be pathed hopefully sooner than later.
I noticed for example, that from the LXC lsblk shows me all PVE disks or that netdata shows all IO rates and much more.
Is there...
Read more
I plan to install some internet facing services on LXC, and I 'm reviewing the security.
The scenario is the worst case: the attacker has RCE with root privileges on the LXC.
will he be contained there?
The LXC is of course unprivileged.
I'm not considering any 0days of the kernel/OS, these are part of life and will be pathed hopefully sooner than later.
I noticed for example, that from the LXC lsblk shows me all PVE disks or that netdata shows all IO rates and much more.
Is there...
Read more