by hardwaresofton 2528 days ago
It has to do also with the use of user namespaces (LXC also does this). User namespaces (user/group id mapping) + userspace file systems (FUSE) is what enables building & running containers without root.

Unfortunately the documentation is not really there yet[0], but that's the gist of how it's more secure outside of the general reduction-of-responsibility ways that others have mentioned.

[0]: https://github.com/containers/buildah/issues/1469#issuecomme...
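An added illustration of the user/group ID mapping mentioned in the comment above (not part of the original comment and not buildah's code): it parses the three-column format of `/proc/<pid>/uid_map` and checks that UID 0 inside the namespace resolves to an unprivileged UID outside it. The sample maps and all function names are constructed for this example.

```python
from typing import List, NamedTuple, Optional


class IdRange(NamedTuple):
    inside: int   # first ID as seen inside the user namespace
    outside: int  # first ID it maps to in the parent namespace
    length: int   # number of consecutive IDs covered by this range


def parse_id_map(text: str) -> List[IdRange]:
    """Parse the contents of a uid_map or gid_map file."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        ranges.append(IdRange(*map(int, fields)))
    return ranges


def to_host(ranges: List[IdRange], inside_id: int) -> Optional[int]:
    """Translate an ID inside the namespace to the parent namespace."""
    for r in ranges:
        if r.inside <= inside_id < r.inside + r.length:
            return r.outside + (inside_id - r.inside)
    return None  # no mapping: the ID has no counterpart outside


def root_is_unprivileged(ranges: List[IdRange]) -> bool:
    """True when in-namespace root maps to a non-root ID outside."""
    host = to_host(ranges, 0)
    return host is not None and host != 0


# Constructed sample: a rootless layout where the invoking user (1000)
# becomes root inside, and a subordinate range backs IDs 1..65536.
ROOTLESS_MAP = """\
         0       1000          1
         1     100000      65536
"""
# Constructed sample: identity mapping of the initial user namespace.
HOST_MAP = "         0          0 4294967295\n"

if __name__ == "__main__":
    for name, text in (("rootless", ROOTLESS_MAP), ("host", HOST_MAP)):
        m = parse_id_map(text)
        print(name, "root ->", to_host(m, 0),
              "unprivileged:", root_is_unprivileged(m))
```
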