From what I have seen, rootless podman seems to take more effort (even if marginal) than rootful one. I want to make a more informed decision for the containers, so I would like to ask.
- What is a rootless podman good for? How much does it help in terms of security, and does it have other benefits?
- One of the benefits commonly mentioned is for when container is breached. Then, running container on sudo-capable user would give no security benefits. Does it mean I should run podman services on a non-privileged user?
Thank you!
With root permission you can do chroot.
Can you provide the required arguments for chroot? I’ve just opened the bash shell of a running container (docker exec -it mycontainer bash) and tried to “break out” using “chroot /”. I can’t access any files of the host.