[openstack-dev] [Zun] Containers in privileged mode

Hongbin Lu hongbin034 at gmail.com
Tue Jan 2 18:38:14 UTC 2018


Hi Joao,

Right now, it is impossible to create containers with escalated privileges,
such as setting privileged mode or adding additional caps. This is
intentional for security reasons. Basically, what Zun currently provides is
"serverless" containers, which means Zun is not using VMs to isolate
containers (for people who wanted strong isolation as VMs, they can choose
a secure container runtime such as Clear Container). Therefore, it is
insecure to give users control of any kind of privilege escalation.
However, if you want this feature, I would love to learn more about the use
cases.

Best regards,
Hongbin

On Tue, Jan 2, 2018 at 10:20 AM, João Paulo Sá da Silva <
joao-sa-silva at alticelabs.com> wrote:

> Hello!
>
> Is it possible to create containers in privileged mode or to add caps as
> NET_ADMIN?
>
>
>
> Kind regards,
>
> João