OWASP / Docker-Security

Getting a handle on container security
https://owasp.org/www-project-docker-top-10/

Update note regarding user namespace limitations #42

Closed. vin01 closed this 3 years ago.

vin01 commented 3 years ago

addresses https://github.com/OWASP/Docker-Security/issues/10

Current text is incorrect as multiple namespaces can be used.

```console
$ sudo unshare -U -n bash -c 'ip a && whoami'
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
nobody
```

However (and maybe this is also what you meant?), using multiple namespaces does make things a bit complex in certain scenarios, and there are some open bugs [1][2] around this.

[1] https://github.com/moby/moby/issues/26106#issuecomment-358848078
[2] https://github.com/moby/moby/issues/30176#issuecomment-272845067
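The combination shown in the comment above, carried one step further as an added example (this is not code from the OWASP/Docker-Security project or from the PR author): a user namespace plus a network namespace created without sudo, inspected from inside to show which uid the process holds there, how `/proc/self/uid_map` maps it back to the host uid, and that the network namespace is fresh. It assumes util-linux `unshare` (with `--user`, `--net` and `--map-root-user`), a POSIX sh with sed, awk and tr, and procfs; the helper names `in_userns`, `userns_status` and `unmapped_uid` are this example's own.

```shell
#!/bin/sh
# Added example, not code from the OWASP/Docker-Security page or the PR author.
# Combines a user namespace with a network namespace via util-linux `unshare`
# (no sudo) and inspects the result from inside.
# Caveat: where unprivileged user namespaces are disabled (for example
# sysctl kernel.unprivileged_userns_clone=0 on some distributions, or a
# seccomp profile that blocks unshare, as Docker's default profile does),
# unshare fails with EPERM and the helpers below report "unavailable".

# Run a shell snippet inside a new user+net namespace with the caller mapped
# to uid 0 inside. Output goes to stdout; the exit status is unshare's.
in_userns() {
    unshare --user --net --map-root-user sh -c "$1" 2>/dev/null
}

# Classify the namespace as seen from inside:
#   mapped      uid 0 inside, uid_map maps it to our real host uid, only lo present
#   unavailable unshare was refused (EPERM/ENOSYS) or is not installed
#   unexpected  a namespace was created but the view differs from the assumption
userns_status() {
    outer_uid=$(id -u)
    # Inner script: print our uid, the uid_map lines (tagged map=) and the
    # interface names from /proc/self/net/dev (tagged iface=). /proc/self/net
    # reflects the calling process's network namespace; /sys/class/net would
    # still show the host's devices unless sysfs were remounted.
    if ! inner=$(in_userns '
        printf "uid=%s\n" "$(id -u)"
        sed "s/^/map=/" /proc/self/uid_map
        sed -n "s/^ *\([^ :]*\):.*/iface=\1/p" /proc/self/net/dev
    '); then
        echo unavailable
        return 0
    fi
    inner_uid=$(printf '%s\n' "$inner" | sed -n 's/^uid=//p')
    # uid_map lines are "<inside-start> <outside-start> <count>"
    map_of_root=$(printf '%s\n' "$inner" | sed -n 's/^map= *//p' | awk '$1 == 0 { print $2, $3 }')
    ifaces=$(printf '%s\n' "$inner" | sed -n 's/^iface=//p' | tr '\n' ' ')
    if [ "$inner_uid" = 0 ] && [ "$map_of_root" = "$outer_uid 1" ] && [ "$ifaces" = "lo " ]; then
        echo mapped
    else
        echo unexpected
    fi
}

# Without --map-root-user the new user namespace has an empty uid_map, so
# every host uid is reported as the kernel overflow uid (65534 by default,
# which `whoami` prints as "nobody", matching the output in the comment).
unmapped_uid() {
    if ! uid=$(unshare --user --net sh -c 'id -u' 2>/dev/null); then
        echo unavailable
        return 0
    fi
    echo "$uid"
}

# Stand-alone usage
echo "combined user+net namespace: $(userns_status)"
echo "uid seen with an empty uid_map: $(unmapped_uid)"
```

On a host that permits unprivileged user namespaces the first helper prints `mapped` and the second `65534`; on one that does not, both print `unavailable`, which is the same restriction a container with Docker's default seccomp profile runs into. The `0 -> host uid` line in `uid_map` is the mapping that dockerd's `userns-remap` option sets up for containers.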

drwetter commented 3 years ago

yes, thanks!