From ArchWiki
Jump to navigation Jump to search

What is wrong with rootless?

One of the benefits of podman is supposed to be that you don't have to run containers as root. However, the section on enabling this has a cryptic warning about the security implications of unprivileged user namespaces. It has a link that claims to have details, but the link goes to which is another pair of cryptic warnings, with yet another link "for details". But that final link is a bug report with a long discussion going back to 2013.

What exactly is the point here? Are rootless containers not more secure than root containers? Or are they more secure, but create other security holes that root containers don't have? What exactly are these security holes? It would be nice to have a brief summary of how it relates to the context of this article. Ujones (talk) 01:38, 14 October 2021 (UTC)