Open vadorovsky opened 3 years ago
For what it's worth, this makes sense to me. I would keep toolbox privileged and unsafe by default, because as you said, toolbox's goal is not sandboxing. But it should be possible to have something like this as an option. I may be able to draft something in the next days, but I can't be sure about that, so anyone feel free to beat me to it. :-)
I was actually thinking about finding some time to do that, but if you are interested in that feature too and want to do that soon (next days / next week), then go on. :)
I tried to address this (or at least, to start doing that) in https://github.com/openSUSE/microos-toolbox/pull/42 . Let me know what you think.
One of toolbox's use cases for me is having a container with compilers and development tools. For such containers I would prefer to not use `--privileged`, not mount `/dev` and other sensitive directories if not needed. Since the main use case of toolbox is debugging (which requires those flags and the goal is not sandboxing), I think it would make sense to have a CLI option for creating more sandboxed/secure containers.
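The two `podman create` flag sets the issue contrasts, as an added example that is not microos-toolbox's own code: a function that emits the arguments for the current privileged/debugging mode next to a hypothetical `sandboxed` mode, plus a check that the result exposes none of the host resources. The exact flags the default uses, the mode name and the `$HOME`-only mount are assumptions for illustration; the podman options themselves (`--privileged`, `--net=host`, `--pid=host`, `--ipc=host`, `--security-opt`, `--cap-drop`, `--userns=keep-id`, `-v`) are real.

```shell
#!/bin/sh
# Added example (not microos-toolbox's own code). Emits the arguments that
# would follow `podman create` for a given MODE, so the privileged default
# and a sandboxed variant can be compared without running podman.
# The flag sets below are assumptions for illustration, not the project's.

build_create_args() {
    mode="$1"; name="$2"; image="$3"
    home="${HOME:-/tmp}"
    case "$mode" in
        privileged)
            # Debugging-oriented: host namespaces, all capabilities, SELinux
            # labelling off, host /dev and / mounted in (assumed default).
            printf '%s ' \
                --privileged --net=host --pid=host --ipc=host \
                --security-opt label=disable \
                -v /dev:/dev -v /:/media/root \
                --name "$name" "$image"
            ;;
        sandboxed)
            # Development-oriented (hypothetical option): container-private
            # namespaces, every capability dropped, no privilege escalation
            # via setuid binaries, only $HOME shared, uid mapped to the caller.
            printf '%s ' \
                --cap-drop=ALL --security-opt no-new-privileges \
                --userns=keep-id \
                -v "$home:$home" \
                --name "$name" "$image"
            ;;
        *)
            echo "unknown mode: $mode" >&2
            return 2
            ;;
    esac
    echo
}

# Return 0 if ARGS (one line as produced above) contain none of the
# host-exposing flags a development container should not need, else 1.
args_are_sandboxed() {
    args="$1"
    for flag in --privileged --net=host --pid=host --ipc=host \
                /dev:/dev /:/media/root label=disable; do
        case " $args " in
            *" $flag "*) return 1 ;;
        esac
    done
    return 0
}

# Usage: build_create_args sandboxed devbox registry.opensuse.org/opensuse/tumbleweed
```

Running the output through `args_are_sandboxed` before calling `podman create` is the kind of check a `--sandboxed`-style option could perform on itself, so that a later change to the default flag list cannot silently reintroduce `--privileged` or the `/dev` mount into the supposedly sandboxed mode.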