[Lxc-users] lxc and guest /proc/kcore access restriction
Serge Hallyn
serge.hallyn at canonical.com
Tue Dec 13 15:07:53 UTC 2011
Quoting Fiedler Roman (Roman.Fiedler at ait.ac.at):
> Hello List,
>
> I have problems finding information about lxc with system virtualization and access restriction to /proc/kcore. In my setup, root in the guest can read /proc/kcore, and data from the host shows up in the container's kcore, so kcore is not somehow faked/virtualized.
>
> I did not find any suitable information about securing /proc use inside a container, so perhaps someone could point me to information on these questions?
>
> * Is secure /proc use (no escape, no major host/container or inter-container info leaks) inside guest possible?
ATM I recommend you use an LSM to do that.
-serge
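
A check that can be run as root inside the guest, before and after an LSM policy is applied, to confirm whether /proc/kcore can still be read. It is an added example and not part of the original message; the function names `probe_read` and `audit_proc_paths` are hypothetical, and any path other than /proc/kcore is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original thread): report whether sensitive
# /proc files can actually be opened and read from inside a container.
# /proc/kcore, the path discussed in the thread, is the default target.

# probe_read PATH -> prints ABSENT, BLOCKED or READABLE.
# Performs a real open and one-byte read instead of trusting mode bits,
# because an LSM denial does not show up in the file permissions.
probe_read() {
    if [ ! -e "$1" ]; then
        echo ABSENT
    elif dd if="$1" of=/dev/null bs=1 count=1 2>/dev/null; then
        echo READABLE
    else
        echo BLOCKED
    fi
}

# audit_proc_paths [PATH...] -> prints one "STATE PATH" line per path and
# returns non-zero if at least one path is readable.
audit_proc_paths() {
    [ "$#" -gt 0 ] || set -- /proc/kcore
    exposed=0
    for p in "$@"; do
        state=$(probe_read "$p")
        printf '%-9s %s\n' "$state" "$p"
        if [ "$state" = READABLE ]; then
            exposed=$((exposed + 1))
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Typical use inside the guest:
#   audit_proc_paths /proc/kcore || echo "kcore is readable from this container"
```

A `READABLE` result for /proc/kcore after the policy is loaded means the policy is not confining the container's processes.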