by clhodapp
3317 days ago
The general rule is that you want as many layers of security as you can get away with without making things impractically inconvenient. In this case, the first step is probably not letting the user's code run as root in the container. Gaining container-root is going to be the first step in many, many exploits and by letting code just run that way, you are giving a potential attacker that step for free. Disclaimer: Absolutely not a security expert, just someone who is somewhat on the hook for security!