virtual-machine virtualization lxc docker

Is using linux containers (lxc) like docker is safe?

If I will allow user to run whatever he want, is he able to do bad thinks to env in which container was executed?

Solution

As far as I can see, the answer is yes. So you should probably not give a hacker sudo rights on any container...

A quick Google search gave me the following.

On https://wiki.ubuntu.com/LxcSecurity:

... containers will always (by design) share the same kernel as the host. Therefore, any vulnerabilities in the kernel interface, unless the container is forbidden the use of that interface (i.e. using seccomp2) can be exploited by the container to harm the host.
On http://www.funtoo.org/wiki/Linux_Containers

As of Linux kernel 3.1.5, LXC is usable for isolating your own private workloads from one another. It is not yet ready to isolate potentially malicious users from one another or the host system.

They propose OpenVZ as an alternative.

How do I get rid of the 'Shared Y-STAT not available’ message that appears at logon? (CMS on z/VM)
When trying to install OS in Hyper-V, it ignores boot order and goes to "Start PXE over IPv4" instantly
rsyslogd using 100% CPU Utilization on all RHEL EC2 Instances
Azure Bastion sometimes uses public DNS name instead of VM name as tab title
Accessing running container (inside VM) from host OS
Passing VM Variable in Controller to Another Ajax Call
How to remove Self Hosted Integration Runtime from VM?
VirtualBox revert to snapshot from inside guest
Virtual machine agent status is not ready- Not able to take RDP in Azure
Why I am I getting a “There was an error while executing `VBoxManage`, a CLI used by Vagrant,” via Vagrant on macOS?
Docker Desktop doesn't install saying docker-ce-cli not installable
How to convert flat raw disk image to vmdk for virtualbox or vmplayer?
The import com.sun.tools cannot be resolved
Upgrade / Increase AWS Lightsail virtual machine's memory for better performance
Detect execution within Virtual-Machine, in Linux?
Stop and deallocate an Azure VM within the guest OS
Does legacy x86 (before Intel-VT and AMD-SVM) supports Type 1 Hypervisor?
Is there a way to enable password authentication such that user can log in with password or public key in azure vm?
Register based VM - byte order - push/load
Gitlab with non-standard SSH port (on VM with Iptable forwarding)
How to stop running Container, if error response from daemon is: Cannot Kill Container [...] permission denied?
Understanding what a python 3.12 bytecode does -- CALL 0 after GET_ITER
Microsoft Azure VMs IaaS or PaaS?
Unable to Enable Encryption at host for Azure VM
Cant' start Selenium Web Scraper on Ubuntu VM
Error: wsl.exe exited with code 4294967295 on Installing Rancher Desktop
How to detect if Mac OS X is being run inside a Virtual Machine
No Internet for VMware Fusion for Mac for a virtual Windows 10 machine
How do I install composer in container of docker?
Composer - failed opening required for phpseclib