Nothing here about crypto, and the risks of running crypto for two different applications on the same kernel (and with the same CSPRNG state) simultaneously.

<snark> But I'm sure if nobody's talking about it on Reddit, that must mean it's not a big deal. </snark> ;)

I am terrified of containers. In 2012 I used lxc-destroy on a container, and it managed to destroy my entire filesystem. It seems beyond belief to me that something like that could happen, but it did.

Definitely unfair to bring it up at this point--it was a while back--but until everyone universally says they're solid, I'm not touching them.

The presentation makes a good point that containers aren't universally "insecure".

For certain use cases they are absolutely fine because the trust boundary between containers or the kernel isn't critical:
* Deployment (immutable servers)
* Development environment (develop against same configuration as production)
* Test environment (try different distros)

But running multiple containers from untrusted parties on one host *is* risky. Let's face it, kernel exploits do come out periodically and when that happens, container boundaries can be breached.

At the end of the day, security isn't absolute. You need to consider how valuable your data is and make your own decision.

It's worth noting that libvirt puts an (LXC) container around each regular KVM virtual machine it runs, and will also secure it using SELinux (see: sVirt).

Can someone comment on the current state of Namespaces in Linux and how that impacts LXC security? I found the following from 2012: http://lwn.net/Articles/528078/

This is pretty much spot on based on my experience writing container implementations. I have been putting together information documenting containers and just added some notes about security earlier.

At the moment I am taking my notes on how to secure containers and attempting to put them in a more digestible form. Unfortunately, depending on what you are trying to do with containers, the security model and how you defend those containers change dramatically.

If anyone is interested in more info, hit up http://doger.io and feel free to ask questions or request specific information be posted.