I wanted to solicit general feedback on this platform's security with relation to using a HN that serves VPSs for both trusted and untrusted networks. I'm curious if there have been any CVE's or other errata, historically, that would have implications in this scenario.<div>
<br></div><div>I would like to use a cluster of HNs to host CTs that are on both trusted and untrusted network (i.e., publicly exposed in one form or another). I have no issues setting up the HN with access to the networks with bridge interfaces and only setting up layer 3 access on internal management networks, mitigating the exposure at that layer. Then creating CTs with mutually exclusive access to either trusted networks or an untrusted network.</div>
<div><br></div><div>Are there implication of using venet versys veth interfaces in this arrangement? If venet, is it possible to create interfaces in the CT for different networks? I.e., venet1 for ZoT1 and venet2 for ZoT2?</div>
<div><br></div><div>I am also concerned about the containment of the containers.. Have there been scenarios where people have been able to break out of the CT and gain access to or otherwise manipulate the HN?</div><div><br>
</div><div>I understand that with virtualization comes risk in this space, but I am attempting to assess the level of risk.</div><div><br></div><div>Thanks,</div><div>Axton Grams</div>