<p dir="ltr">Thanks, Mike. That was all I was looking for. Possible, but less likely then any other problem that we'd have to mitigate in production.<br></p>
<p dir="ltr">Dustin</p>
<div class="gmail_quote">On Nov 6, 2013 3:18 PM, "Michael H. Warfield" <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Wed, 2013-11-06 at 12:41 -0500, Dustin Oprea wrote:<br>
> I'm a newcomer to LXC. I'm aware of the security disclaimers behind<br>
> using an LXC (such as access to the same sysfs as the host), but is it<br>
> also fair to say that it's just as likely for a rogue application<br>
> inside a container to cause a kernel panic or some kind of disastrous<br>
> segfault that will destabilize the host?<br>
<br>
I don't really think the question is quantifiable or answerable in a<br>
formal or definitive way. But I'll give you my arguments to the<br>
contrary.<br>
<br>
I haven't really run into a rogue applications causing a kernel opps or<br>
panic in years and I've had plenty of experience diagnosing panics and<br>
opps's in the past. Not to say it can't happen, but it does indicate a<br>
kernel bug and, as such, a security issue in the kernel. The kernel is<br>
suppose to protect itself from such "rouge" behavior. But, there's<br>
always something and, as a professional security researcher, I'm well<br>
aware of that.<br>
<br>
As such, it's no MORE likely in a container than running on the host and<br>
it's entirely possible that the container namespace isolation could<br>
convey some projection against a number of areas where such a thing<br>
could arise.<br>
<br>
If you're comparing it to things like shared proc, sysfs, or devtmpfs, I<br>
do see those issues show up (systemd and devtmpfs being my primary<br>
example and PITA) but have never seen a rouge container application, on<br>
it's own, do much more than resource starvation (I've got a container<br>
with a mysql process that occasionally sends my load average into lala<br>
land).<br>
<br>
So, my response would be no, it's not "just as likely" for the simple<br>
reason that kernel security bugs that would allow it are much less<br>
likely than configuration collisions that allow conflicts over proc,<br>
sysfs, or devtmpfs.<br>
<br>
Possible - yes. Likely - no. As likely - no.<br>
<br>
> Dustin Oprea<br>
><br>
Regards,<br>
Mike<br>
--<br>
Michael H. Warfield (AI4NB) | <a href="tel:%28770%29%20985-6132" value="+17709856132">(770) 985-6132</a> | mhw@WittsEnd.com<br>
/\/\|=mhw=|\/\/ | <a href="tel:%28678%29%20463-0932" value="+16784630932">(678) 463-0932</a> | <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
NIC whois: MHW9 | An optimist believes we live in the best of all<br>
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
</blockquote></div>