moin moin,

I presume that if you run a container or VM as you on your system you can make a copy of its memory from the host system.

If you run it as root, is root the only user (outside of escalation exploits) that has access to the memory?

If you run it as a 3rd party, e.g. myvmuser, then only that user and root can inspect the memory from the host side?

I'm contemplating the security implications of running a security or privacy process (password manager, keyserver, etc.) in a containerized or VM environment rather than just running it as an application on the host.

Security and privacy processes try to lock down the memory on the host system, but when the OS is in a sub-process you can dump the entire memory.

In this particular case, I'm not worried about something escaping the hosted system, rather I'm concerned about what can spy on the hosted system.

ciao,
der.hans
--
#  https://www.LuftHans.com   https://www.PhxLinux.org
#  I'm not anti-social, I'm pro-individual. - der.hans
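Added example, not part of the original post: a simplified Python model of the Linux checks that decide which host users may read a process's memory through ptrace-style interfaces (credentials, the dumpable flag, and the Yama `kernel.yama.ptrace_scope` sysctl). The status text, the UID 1001 assumed for `myvmuser`, and the function names are constructed for illustration.

```python
import re

# Constructed sample: /proc/<pid>/status excerpt for a VM process run as myvmuser (UID 1001 assumed).
SAMPLE_STATUS = ("Name:\tqemu-system-x86\nPid:\t4242\n"
                 "Uid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\n")

def ids(status_text, field):
    """Real, effective and saved IDs from the 'Uid:' or 'Gid:' line."""
    m = re.search(rf"^{field}:\s+(\d+)\s+(\d+)\s+(\d+)", status_text, re.M)
    if m is None:
        raise ValueError(f"no {field} line in status text")
    return {int(g) for g in m.groups()}

def may_read_memory(status_text, uid, gid, ptrace_scope, *, cap_sys_ptrace=False,
                    dumpable=True, target_is_descendant=False):
    """Simplified model of the ptrace-attach decision that also gates /proc/<pid>/mem.

    cap_sys_ptrace means CAP_SYS_PTRACE in the target's user namespace (root normally
    has it). PR_SET_PTRACER exceptions are not modelled.
    """
    same_creds = ids(status_text, "Uid") == {uid} and ids(status_text, "Gid") == {gid}
    if not same_creds and not cap_sys_ptrace:
        return False, "different credentials and no CAP_SYS_PTRACE"
    if not dumpable and not cap_sys_ptrace:
        return False, "target is not dumpable (e.g. prctl(PR_SET_DUMPABLE, 0))"
    if ptrace_scope == 0:
        return True, "classic rules: matching credentials or CAP_SYS_PTRACE"
    if ptrace_scope == 1:
        if target_is_descendant or cap_sys_ptrace:
            return True, "scope 1: observer is an ancestor of the target or privileged"
        return False, "scope 1: target is not a descendant of the observer"
    if ptrace_scope == 2:
        if cap_sys_ptrace:
            return True, "scope 2: CAP_SYS_PTRACE held"
        return False, "scope 2: CAP_SYS_PTRACE required"
    return False, "scope 3: attach disabled for every user"

if __name__ == "__main__":
    observers = [("myvmuser", 1001, 1001, False), ("other user", 1000, 1000, False),
                 ("root", 0, 0, True)]
    for scope in range(4):
        for name, uid, gid, cap in observers:
            ok, why = may_read_memory(SAMPLE_STATUS, uid, gid, scope, cap_sys_ptrace=cap)
            print(f"ptrace_scope={scope} {name:<10} {'ALLOW' if ok else 'DENY':<5} {why}")
```

On a live host the inputs come from `/proc/<pid>/status` and `/proc/sys/kernel/yama/ptrace_scope`.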