Most secure jailed environment?

[espoal]

Very nice project!

I was planning to try it, and my first idea has been to use it inside Docker, for security reasons.

You suggest to launch docker via gotty, but I think this is a vulnerability.

As discussed in the past on docker security, it might be possible to crash the docker container, allowing to execute commands on the host.

Wouldn't it be better to launch docker, then run gotty INSIDE docker?

[espoal]

Examples of privilege escalations: (nothing practical but...)

http://stealth.openwall.net/xSports/shocker.c

https://blog.docker.com/2013/08/containers-docker-how-secure-are-they/

[cGuille]

Hello,
I agree with you, so I wrote a simple Dockerfile to do just that.

[yudai]

Hi, thank you the comment.
Running gotty in containers sounds better than running in host machines.
However I want to keep the README as short as possible and just provide samples. So I'd like to keep the current sample as is.

[yudai]

@cGuille Thank you for providing a sample Dockerfile. It would be helpful for those who want to run gotty in containers.