On Thu, Mar 8, 2018 at 11:50 AM, Rich Freeman <rich0@g.o> wrote:
> If you have util-linux installed then try running (as any user - you
> don't have to be root):
> unshare -i -m -n -p -u -C -f --mount-proc -U -r /bin/bash
>

Interesting. I hadn't found a good interface to containers and
clone(2) besides Docker. Of course, I didn't look very hard. I half
expect a "new" process model to develop around the kernel namespaces,
as people realize GID separation only is too coarse.

I still see some odd claims about container security, though: claiming
containers are more secure than user accounts still seems odd to me,
as if you don't trust the kernel to enforce user accounts, why trust
it to enforce namespace separation?
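Added example, not part of the thread: a small Python helper that parses /proc/<pid>/uid_map and shows what the `-U -r` flags in the quoted unshare command actually do, i.e. uid 0 inside the new user namespace maps to the caller's own unprivileged uid outside. The unshare invocation assumes util-linux's unshare is on PATH; the parsing functions work on any map text, including the constructed lines in the comments.

```python
import subprocess
from typing import List, NamedTuple, Optional

# One line of /proc/<pid>/uid_map (or gid_map): `count` consecutive ids
# starting at inside_start map to ids starting at outside_start in the parent.
class IdRange(NamedTuple):
    inside_start: int
    outside_start: int
    count: int

INITIAL_MAP = [IdRange(0, 0, 4294967295)]  # identity map of the initial user ns
def parse_id_map(text: str) -> List[IdRange]:
    """Parse the contents of a uid_map/gid_map file into a list of ranges."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        ranges.append(IdRange(*(int(f) for f in fields)))
    return ranges

def to_outside(ranges: List[IdRange], inside_id: int) -> Optional[int]:
    """Translate an id seen inside the namespace to the parent namespace's
    view; None means unmapped (the kernel shows the overflow id instead)."""
    for r in ranges:
        if r.inside_start <= inside_id < r.inside_start + r.count:
            return r.outside_start + (inside_id - r.inside_start)
    return None

def is_initial_namespace(ranges: List[IdRange]) -> bool:
    return ranges == INITIAL_MAP

def root_outside(ranges: List[IdRange]) -> Optional[int]:
    """Real uid of a process that is uid 0 inside this namespace. After
    `unshare -U -r` as an unprivileged user (constructed map "0 1000 1")
    this is that user's uid, so 'root' in the container is not host root."""
    return to_outside(ranges, 0)

def read_unshared_uid_map() -> Optional[List[IdRange]]:
    """Run `unshare -U -r` (user namespace only) and read uid_map from inside.
    Returns None where unprivileged user namespaces are unavailable."""
    try:
        proc = subprocess.run(["unshare", "-U", "-r", "cat", "/proc/self/uid_map"],
                              capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return parse_id_map(proc.stdout)
```

Calling read_unshared_uid_map() on a host with unprivileged user namespaces enabled returns a single range whose outside uid is your own, which is the whole point of the quoted command working "as any user".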