Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I find the number of people schilling for Docker mindblowing.

"I don't know much about LXC, and I don't know what the defaults are, but I assume that this trivial wrapper around LXC provides more security".



Sorry this was not my intention. I actually prefer LXC to docker myself and did not wanted to shill for anything. I just wanted to point out that of the (possible) security problems that can happen when using LXC docker mitigates most by just not using them: They don't allow mounts, they drop CAP_SYS_ADMIN. I just posted the config file.

It was just a well intended warning - similiar to the warnings in the Ubuntu docs: https://help.ubuntu.com/12.04/serverguide/lxc.html#lxc-secur... and Gentoo: https://wiki.gentoo.org/wiki/LXC#MAJOR_Temporary_Problems_wi...

Here is the default configuration for Ubuntu 13.10 in comparision: https://gist.github.com/anonymous/7550932




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: