[Discussion] Certificate Tool #98

Open
@lucillex

Description

Process-isolated containers are an isolation mode for containers with loose sandbox capabilities, in the sense that they do not have serviceable security boundaries. The containers are isolated in that they have separate network stacks, trace trees, and certificate stores, but the sandboxing is not strong enough to stop someone from intentionally or unintentionally getting past the sandbox and accessing other containers hosted on the same VM.

Containers have two default users that they can run as: container user and container administrator. The container user is a low-privilege mode that can do a lot less than the container administrator. However, the container administrator is almost like an administrator on the underlying host, because the container kernel is shared with the underlying VM kernel.

Generally, admin privileges are mostly needed at startup, when the service needs to read/set registry settings, access the certificate store, download and install certificates, and configure monitoring agents. We've heard from customer engagements that a tool for Windows Containers that handles the steps requiring higher-level privileges, such as certificate installation, before dropping to low privilege would provide value to users.

We would love to hear your feedback on this.
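As an added illustration of the startup pattern the issue describes (this is example code written for this page, not a tool from the issue author, the repository, or Microsoft), the following PowerShell script does the privileged part of startup, importing CA certificates into the LocalMachine store, while the container is still running as ContainerAdministrator. It refuses to run unless it is elevated, refuses to put a non-CA certificate into the Root store, and is idempotent by thumbprint so it can be re-run safely. The certificate directory, the script name, and the parameter names are assumptions for the example.

```powershell
# Added example (not from the issue or any Microsoft tool): install CA certificates
# into the machine store while still running as ContainerAdministrator, so the
# image can switch to ContainerUser afterwards. Paths and parameter names are
# assumptions chosen for illustration.
using namespace System.Security.Cryptography.X509Certificates
using namespace System.Security.Principal

[CmdletBinding()]
param(
    # Directory holding DER/PEM .cer files to trust (assumed COPY target or mount).
    [string]$CertDir = 'C:\certs',
    # Store to import into: Root = trusted root CAs, CA = intermediates, My = personal.
    [ValidateSet('Root', 'CA', 'My')]
    [string]$StoreName = 'Root'
)

$ErrorActionPreference = 'Stop'

# Writing to Cert:\LocalMachine needs administrator rights. Check up front so the
# failure is a clear message rather than an access-denied error half-way through.
function Test-IsAdministrator {
    $identity  = [WindowsIdentity]::GetCurrent()
    $principal = [WindowsPrincipal]::new($identity)
    return $principal.IsInRole([WindowsBuiltInRole]::Administrator)
}

# Imports one certificate file. Returns $true if it was added, $false if it was
# already present. Throws on a malformed file or on a leaf cert aimed at Root.
function Install-CertificateFile {
    param([string]$Path, [string]$StoreName)

    # Parse first so a bad file is rejected before any store is opened.
    $cert = [X509Certificate2]::new($Path)

    # Only CA certificates belong in the Root store; refuse leaf certificates so a
    # stray server certificate cannot accidentally become a trust anchor.
    if ($StoreName -eq 'Root') {
        $basic = $cert.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
        if (-not ($basic -and $basic.CertificateAuthority)) {
            throw "Refusing to install non-CA certificate '$($cert.Subject)' into LocalMachine\Root"
        }
    }

    $store = [X509Store]::new($StoreName, [StoreLocation]::LocalMachine)
    $store.Open([OpenFlags]::ReadWrite)
    try {
        $existing = $store.Certificates.Find([X509FindType]::FindByThumbprint, $cert.Thumbprint, $false)
        if ($existing.Count -gt 0) {
            Write-Host "Already present: $($cert.Subject) [$($cert.Thumbprint)]"
            return $false
        }
        $store.Add($cert)
        Write-Host "Installed into LocalMachine\$StoreName : $($cert.Subject) [$($cert.Thumbprint)]"
        return $true
    }
    finally {
        $store.Close()
    }
}

if (-not (Test-IsAdministrator)) {
    throw 'Certificate installation must run as ContainerAdministrator, before the image switches to ContainerUser.'
}

$files = @(Get-ChildItem -Path $CertDir -Filter '*.cer' -File)
if ($files.Count -eq 0) {
    Write-Warning "No .cer files found in $CertDir; nothing to install."
    exit 0
}

$installed = 0
foreach ($file in $files) {
    if (Install-CertificateFile -Path $file.FullName -StoreName $StoreName) { $installed++ }
}
Write-Host "Done: $installed new certificate(s) installed, $($files.Count - $installed) already present."
```

In a Dockerfile this runs from a `RUN powershell -File ...` step, which executes as ContainerAdministrator by default, followed by `USER ContainerUser` so the application process itself starts unprivileged. That covers certificates known at build time; certificates that only become available at run time (for example from a mounted secret) would still need an elevated step inside the running container before the switch to the low-privilege user, which is the gap the issue is asking a tool to fill.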
