Open arne-broering opened 1 month ago
K8S defines 3 levels - Privileged, Baseline, and Restricted. IMO we never should allow Privileged. We should make the default Baseline level but allow (as in not prevent) a WOS to enforce Restricted if the user desires. This would be an allowed but not mandated configuration capability in the WOS. In all cases the app vendor must specify what access they require with a reasoning for the requirement - much the same as the Google App Store does.
@merrill-harriman-se
We should make the default Baseline level but allow (as in not prevent) a WOS to enforce Restricted if the user desires.
Can you provide additional details on how you feel the WOS could enforce this on a device?
Discussion shows there is consensus on only accepting non-root containers in Margo. OCI container "capabilities" may be further restricted.
Recommendations from Kubernetes should be considered too: https://kubernetes.io/docs/concepts/security/pod-security-standards/
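As an added illustration of the "Baseline by default, Restricted if the operator wants it" model discussed in this thread (example configuration written here, not from the Margo project or the Kubernetes docs), the built-in Pod Security Admission controller can enforce Baseline on a namespace while auditing and warning against Restricted, and a workload that already meets Restricted looks as follows. The namespace name, pod name and image reference are placeholders.

```yaml
# Namespace-level Pod Security Admission labels (built into Kubernetes since 1.25).
# enforce=baseline rejects privileged pods outright; audit/warn=restricted reports
# workloads that would fail the stricter level without blocking them, so an
# operator can later opt in to Restricted by changing the single enforce label.
apiVersion: v1
kind: Namespace
metadata:
  name: margo-apps   # placeholder namespace name
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# A pod that satisfies the Restricted profile. Each securityContext field below
# corresponds to one check in that profile: non-root execution, a seccomp
# profile, no privilege escalation, and all capabilities dropped.
apiVersion: v1
kind: Pod
metadata:
  name: example-app      # placeholder pod name
  namespace: margo-apps
spec:
  securityContext:
    runAsNonRoot: true            # Restricted: containers must not run as root
    seccompProfile:
      type: RuntimeDefault        # Restricted: RuntimeDefault or Localhost required
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder image reference
      securityContext:
        allowPrivilegeEscalation: false   # Restricted: must be explicitly false
        capabilities:
          drop: ["ALL"]                   # Restricted: drop every capability ...
          add: ["NET_BIND_SERVICE"]       # ... and only NET_BIND_SERVICE may be added back
```

Applying the namespace manifest to a cluster and then submitting a pod with `privileged: true` is rejected by the enforce label, while a pod that merely lacks `seccompProfile` is admitted but produces a warning and an audit annotation, which is the visibility an operator needs before tightening the enforce level.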