EGI-CSIRT participated in the ISC High Performance Conference 2024 with a presentation on user namespaces: are they good, bad or evil? User namespaces reduce the attack surface in the event of a compromise and allow isolation of the workload, but the vulnerabilities found in namespaces in recent years have led people to believe that they are a security threat.
The EGI CSIRT recommends that user namespaces be enabled but network namespaces be disabled, as they are not required to run the workload on the HPC. The majority of previous namespace vulnerabilities could not be exploited when network namespaces were disabled. EGI CSIRT’s recommendations on the use of namespaces can be found on this page.
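A node can be audited against this recommendation with a small check like the one below. It is an added example, not EGI CSIRT's own tooling, and it assumes the policy is enforced through the standard Linux per-user limits `user.max_user_namespaces` and `user.max_net_namespaces`, which the post itself does not name.

```shell
#!/bin/sh
# Audit a host against the recommendation above: user namespaces enabled,
# network namespaces disabled.
# Assumption of this example: the policy is expressed through the Linux
# sysctls user.max_user_namespaces and user.max_net_namespaces.

# read_limit DIR NAME: print the integer limit stored in DIR/NAME.
# Fails if the file is missing, unreadable, or not a plain number.
read_limit() {
    f="$1/$2"
    [ -r "$f" ] || return 1
    v=$(cat "$f") || return 1
    case "$v" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$v"
}

# check_ns_policy [DIR]
# DIR defaults to /proc/sys/user; another directory can be passed to
# evaluate a saved copy of the values offline.
# Returns 0 = matches the recommendation, 1 = deviates, 2 = cannot tell
# (for example a kernel that does not expose these limits).
check_ns_policy() {
    dir="${1:-/proc/sys/user}"
    userns=$(read_limit "$dir" max_user_namespaces) || {
        echo "UNKNOWN: cannot read max_user_namespaces in $dir"; return 2; }
    netns=$(read_limit "$dir" max_net_namespaces) || {
        echo "UNKNOWN: cannot read max_net_namespaces in $dir"; return 2; }
    rc=0
    if [ "$userns" -eq 0 ]; then
        echo "DEVIATION: user namespaces disabled (max_user_namespaces=0)"
        rc=1
    fi
    if [ "$netns" -ne 0 ]; then
        echo "DEVIATION: network namespaces allowed (max_net_namespaces=$netns)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: user namespaces enabled ($userns), network namespaces disabled"
    return "$rc"
}
```

Source the file and call `check_ns_policy` with no argument on a worker node; the return code makes it usable from a monitoring probe or a configuration-management compliance run.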