On Tue, Sep 14, 2021 at 09:59:19AM -0400, Bruce Fields wrote: > On Tue, Sep 14, 2021 at 8:52 AM Vivek Goyal <vgoyal@xxxxxxxxxx> wrote: > > Same is the requirement for regular containers and that's why > > podman (and possibly other container managers), make top level > > storage directory only readable and searchable by root, so that > > unpriveleged entities on host can not access container root filesystem > > data. > > Note--if that directory is on NFS, making it readable and searchable > by root is very weak protection, since it's often possible for an > attacker to guess filehandles and access objects without the need for > directory lookups. open_by_handle_at() requires CAP_DAC_READ_SEARCH. And if you have CAP_DAC_READ_SEARCH, you don't need to even guess file handles. You should be able to read/search through all directories, IIUC. So how does one make sure that shared directory on host is not accessible to unprivileged entities. If making directory accessible to root only is weaker security, what are the options for stronger security. Vivek
