In this video we continue our examination of Linux namespaces by looking at some details of how the user namespace can be used to de-couple the user ID inside a container from the user ID on the host, allowing a container to run as the root user without the risks of being root on the host.

To learn more, read our blog on Datadog’s Security Labs site.

https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-2/