Just run docker in an LXC. That’s what I do when I have to.
- 0 Posts
- 4 Comments
Joined 2 years ago
Cake day: July 13th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
6·2 months agoI’m not really worried about it. Each LXC runs as its own user on the host, and they only have access to what they need to run each service.
If there’s an exploit found that makes that setup inherently vulnerable then a lot of people would be way more screwed than I would.
I don’t have anything publically accesible on my network (other than wireguard), but if I did I’d just put whatever it was on its own VLAN, run a wireguard server on it, and use a VPS as a reverse proxy that connects to it.
I only use unprivileged LXCs and everything I host on my network runs in its own LXC, so I’m not really worried about someone getting access to the host from there.
For anything. You can get a push notification for anything you can make run a script or send an http request.