[lxc-devel] [critical] "Default" configuration may destroy host system

Daniel Lezcano daniel.lezcano at free.fr
Thu Nov 26 15:50:27 UTC 2009


Andrian Nord wrote:
> If you're running (by mistake or typo) (via lxc-start) a container that does not
> exist it will run with lxc.rootfs=/, meaning that /sbin/init will
> restart the initialization procedure, effectively messing up the host's system,
> which may lead to unpredictable results or even destroy (make inaccessible) the host
> system (by resetting network configuration or something like that).
>
> (Actually, it _did_ destroy system of everyone who tested this).
>
> Actually, I finally lost any meaning of having such a feature for
> full-system containers. You may not use the host's FS - it's described
> above. You may not use some temporary directory - that's nonsense.
>
> This patch forbids starting a container via lxc-start without an rcfile and
> a custom start program, but probably it fixes only a small part of the problem.
> I really don't see much sense in such a feature without the ability of
> overriding 'default' settings with command line switches. Anyway, default
> behaviour should be as safe as possible.
>
> Signed-off-by: Andrian Nord <NightNord at gmail.com>
>   
Applied. I changed it a little to check args[0] != "/sbin/init"

Thanks Andrian.
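The guard the thread settles on (refuse to start when no rcfile was given and the program to run is /sbin/init) as an added, stand-alone example in C. This is not lxc's own code: the function name check_start_request, the enum values and the rootfs argument are assumptions made here for illustration. It also generalizes slightly beyond the thread by refusing /sbin/init whenever the effective rootfs is the host's "/", even if an rcfile was supplied.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of validating a start request (hypothetical names). */
enum start_check {
    START_OK = 0,
    START_NO_RCFILE_WITH_INIT = 1, /* no config: default rootfs is "/" */
    START_ROOTFS_IS_HOST = 2       /* config resolves rootfs to the host "/" */
};

static int is_system_init(const char *argv0)
{
    return argv0 != NULL && strcmp(argv0, "/sbin/init") == 0;
}

/*
 * Hypothetical pre-start validation. rcfile is the config path (NULL when
 * none was given), rootfs is the effective lxc.rootfs value (NULL when the
 * config does not set one, which means the host's "/"), argv0 is the program
 * the container would run.
 */
enum start_check check_start_request(const char *rcfile, const char *rootfs,
                                     const char *argv0)
{
    /* The case from the report: no rcfile means the default configuration,
       and running /sbin/init there re-runs the host's own init sequence. */
    if (rcfile == NULL && is_system_init(argv0))
        return START_NO_RCFILE_WITH_INIT;

    /* Broader guard: a config that leaves rootfs unset or sets it to "/"
       would have the same effect, so refuse a full-system init there too. */
    if ((rootfs == NULL || strcmp(rootfs, "/") == 0) && is_system_init(argv0))
        return START_ROOTFS_IS_HOST;

    return START_OK;
}

int main(void)
{
    /* Constructed sample requests, not real invocations. */
    printf("no rcfile, /sbin/init      -> %d\n",
           check_start_request(NULL, NULL, "/sbin/init"));
    printf("no rcfile, /bin/sh         -> %d\n",
           check_start_request(NULL, NULL, "/bin/sh"));
    printf("rcfile, rootfs=/, init     -> %d\n",
           check_start_request("/etc/lxc/foo.conf", "/", "/sbin/init"));
    printf("rcfile, private rootfs     -> %d\n",
           check_start_request("/etc/lxc/foo.conf", "/var/lib/lxc/foo/rootfs",
                               "/sbin/init"));
    return 0;
}
```

Running a plain shell with no rcfile still passes here, matching the thread's narrower check; a deployment that wants Andrian's stricter rule (no rcfile at all) would simply return an error whenever rcfile is NULL.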
