[lxc-devel] [PATCH] Move back setcap for lxc-init

Guido Trotter ultrotter at google.com
Sun Mar 22 23:49:09 UTC 2009


On Sun, Mar 22, 2009 at 11:17 PM, Daniel Lezcano <dlezcano at fr.ibm.com> wrote:
> Yes, maybe, and maybe the script should do a little more and make it possible
> to set the capabilities and to remove them if the admin wants to make the lxc
> tools available only for root.
>
> I am not a security expert; IMHO the file capabilities used with lxc solve a
> lot of security problems, otherwise we have to be root to create a namespace
> and we know that leads to the evil setuid root (e.g. ping).
> On the other hand an anonymous user can create its own network stack and
> possibly mess with the outside world. Giving the ability to remove these
> capabilities is worth it IMO.
>

Definitely true. On Debian I plan to make the behavior configurable,
defaulting to "root only".
It's pretty easy to do a
dpkg --reconfigure -plow lxc
after reading README.Debian, and a lot better if people do it
consciously rather than leaving users able to do things they don't
expect on their system just because a package was installed.

Thanks,

Guido
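An added example (not code from the lxc project or from this thread) of the kind of check an admin would want before choosing between the two modes discussed above: it parses getcap(8) output to report which lxc tools still carry file capabilities that a non-root user could use, and can strip them to return to "root only". The tool paths and the ROOT_ONLY switch are assumptions.

```shell
#!/bin/sh
# Added example, not from lxc or this thread. Finds the lxc tools that still
# carry a file capability set (what the setcap step installs) so an admin can
# see which ones non-root users may run, and optionally drops those sets to
# leave the tools root-only, the Debian default described in the reply above.
# The install paths below are assumptions.

LXC_TOOLS="${LXC_TOOLS:-/usr/bin/lxc-start /usr/bin/lxc-init}"  # assumed paths

# Return 0 when a capability text such as "cap_sys_admin+ep" or
# "cap_net_raw,cap_sys_admin=ep" puts something in the effective or
# permitted set. An inheritable-only set ("+i") grants nothing to a plain
# user, so it is not reported.
grants_privilege() {
    for _clause in $1; do
        case $_clause in *[+=]*[ep]*) return 0 ;; esac
    done
    return 1
}

# Read getcap output on stdin and print the paths whose capabilities a
# non-root user would actually get. Accepts both the older "path = caps"
# form and the newer "path caps" form of getcap output.
capable_paths() {
    while IFS= read -r _line; do
        [ -n "$_line" ] || continue
        _path=${_line%% *}
        _caps=${_line#"$_path"}
        _caps=${_caps# =}
        _caps=${_caps# }
        if grants_privilege "$_caps"; then printf '%s\n' "$_path"; fi
    done
}

# Report the lxc tools currently usable by non-root; with ROOT_ONLY=yes
# also remove their capability sets (needs root and libcap's setcap).
audit_lxc_tools() {
    getcap $LXC_TOOLS 2>/dev/null | capable_paths | while IFS= read -r _p; do
        printf 'non-root users can run %s with file capabilities\n' "$_p"
        [ "${ROOT_ONLY:-no}" = yes ] && setcap -r "$_p"
    done
}
```

Run `ROOT_ONLY=yes sh audit.sh` as root to strip the sets; without it the script only reports.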