Hi
I have created an Ubuntu LXD host under a Hyper-V server with some containers running in bridged mode.
1. HAProxy SSL
2. Owncloud
3. Wordpress
4. Kopano Mail System, etc.
What about the security of LXD containers?
Some say that a container of this kind should be treated like a normal operating system and the same security measures should be taken accordingly.
https://discuss.linuxcontainers.org/...tices-help/352
Normally I would then use at least a combination of 'iptables' and 'fail2ban'.
Others think that the isolation by the containers in combination with AppArmor and the reduction of the root account bring enough security?
I honestly can't imagine it right. Can a container like the SSL proxy be hijacked in the same way just like a normal host, and does it need to be secured by e.g. 'iptables'?
What are your security concepts in this area?