Linux has unprivileged containers, through which a user can manage containers if the admin allows him via a special config file, faking some parts with user subuids and subgids, while others, like creating devices, etc., are "bypassed" during the installation process of "tweaked" templates of lxchub (or whatever it is). Then the user can manage some sort of device nodes... at least that's how I understand it.
Now I wonder if FreeBSD jails can do so securely. It looks like, technically, jails are more chroot on steroids than containers. I personally don't have any limitations with this, but can anyone technically explain the differences between jails and (lxc+docker)?
```
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
# Using Bridge
USE_LXC_BRIDGE="true"
# Device nodes
lxc.cgroup.devices.allow = c 116:* rwm
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=dir
# Network namespaces
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.hwaddr = 08:00:27:e5:c3:29
lxc.aa_allow_incomplete = 1
# Include systemwide tweaks
# lxc.include = /etc/lxc/default.conf
```
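The `lxc.id_map` lines in the post above map container IDs onto a host range that the admin must have delegated in `/etc/subuid` and `/etc/subgid`. The following is an added example, not part of the original post: it checks each map against the delegated ranges and shows which host ID container root becomes. The users `alice` and `bob`, their ranges, and all function names are constructed for illustration.

```python
"""Check an unprivileged LXC id_map against subordinate-ID delegations."""
from typing import NamedTuple, Optional

class IdMap(NamedTuple):
    kind: str     # "u" (uid) or "g" (gid)
    inside: int   # first ID as seen inside the container
    outside: int  # first ID on the host
    count: int    # length of the mapped range

def parse_id_maps(config: str) -> list[IdMap]:
    """Extract lxc.id_map entries from container config text."""
    maps = []
    for line in config.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "lxc.id_map":
            kind, inside, outside, count = value.split()
            maps.append(IdMap(kind, int(inside), int(outside), int(count)))
    return maps

def parse_subids(text: str, user: str) -> list[tuple[int, int]]:
    """Return (start, count) ranges delegated to `user` (name:start:count)."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def is_delegated(m: IdMap, ranges: list[tuple[int, int]]) -> bool:
    """True if the host side of the map lies wholly inside one delegated range."""
    return any(s <= m.outside and m.outside + m.count <= s + c for s, c in ranges)

def to_host(m: IdMap, inside_id: int) -> Optional[int]:
    """Translate a container ID to its host ID, or None if it is unmapped."""
    if m.inside <= inside_id < m.inside + m.count:
        return m.outside + (inside_id - m.inside)
    return None

# Constructed sample data: the two map lines from the post, and a made-up
# delegation file standing in for both /etc/subuid and /etc/subgid.
CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"
SUBIDS = "alice:100000:65536\nbob:165536:65536\n"

if __name__ == "__main__":
    for m in parse_id_maps(CONFIG):
        ok = is_delegated(m, parse_subids(SUBIDS, "alice"))
        print(m.kind, "delegated to alice:", ok, "| container 0 -> host", to_host(m, 0))
```

Container root (ID 0) ends up as an ordinary unprivileged host ID, and a map whose host range falls outside the user's delegation is the case to reject.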