2·
1 year agoI mean that’s fine if you dont want kernel space isolation. Lxd and proxmox are not the same.
Bezerker03
Its me. Bezzie.
- 0 Posts
- 5 Comments
Joined 1 year ago
Cake day: July 5th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I mean you could. Shell accounts did this back in the day but yes users could still abuse the system.
I have two nginx ingress running on my cluster. One of private one public. Public one is what’s exposed on 80 and 443 to the net.
The private is only available via VPN or lan. The public is for services I want internet exposed.
My family have a VPN network set up to my lan on their router and have access to most services but the public stuff is for the internet friends
It wasnt containerized sadly but remember in a container you still share (albeit split by cgroups) kernel space and the kernel. Only userland is isolated.
So kernel level sploits are still a concern. Wasn’t the case here but still.
Oh wow today I learned. I thought it was just containers still. My apologies. Looks like it’s been a thing since 5.0 lts.