Interesting! What was the service? IN our case we control the container, which i... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

adamgordonbell on March 8, 2023 | parent | context | favorite | on: Remote Code Execution as a Service

Interesting! What was the service? IN our case we control the container, which is BuildkitD, but it has to be run privileged, which means lots of solutions are off the table.

ones_and_zeros on March 8, 2023 [–]

Rather not say. Yea building and then running containers where users get to pick the base image is a risk.

We found that privileged is a pretty big hammer and thought we needed it too but we found ways to give us the functionality we needed without all the extra stuff we didn't need the privileged brings in.

Consider applying for YC's W25 batch! Applications are open till Nov 12.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact