[lxc-devel] Status of usability of lxc

Marian Marinov mm at yuhu.biz
Wed Apr 6 13:41:40 UTC 2011


On Wednesday 06 April 2011 16:08:18 Rob Landley wrote:
> On 04/06/2011 05:43 AM, Daniel Lezcano wrote:
> > On 03/22/2011 10:20 AM, Nathan McSween wrote:
> >> Can I get a quick rundown of what is implemented w.r.t  UID/GID
> >> containerization, is it safe yet to give containerized root to an
> >> everyday user without huge security issues?
> > 
> > Nope, it is not secure at all for a root user inside the container.
> 
> Any idea what's missing?

A root user can chroot out of the chrooted directory.
There were reports that /proc is not fully virtualized and changing some 
values there changes the values on the host machine and for all other 
containers.
A root user can create devices and access devices that should not be accessed 
by this container. Controlling every device with control groups is not so easy.

Marian

> 
> Rob

-- 
Best regards,
Marian Marinov
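
Added example, not part of the original message or of LXC's own code: a small auditor that reads an LXC container config and reports which of the chroot and device points raised above it leaves open. It assumes the LXC config keys lxc.cap.drop and lxc.cgroup.devices.allow/deny; the function names and both sample configs are constructed for illustration, and the /proc point is not checked.

```python
# Constructed sample configs; neither comes from the thread.
WEAK_CONFIG = """\
lxc.utsname = guest1
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cap.drop = sys_module
"""
HARDENED_CONFIG = """\
lxc.utsname = guest1
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm   # /dev/null
lxc.cgroup.devices.allow = c 5:1 rwm   # /dev/console
lxc.cap.drop = sys_module mknod
lxc.cap.drop = sys_chroot
"""

def parse(text):
    """Return (key, value) pairs in file order, keeping repeated keys."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text):
    """List which of the checked points the config leaves unaddressed."""
    pairs = parse(text)
    dropped = {cap.lower() for k, v in pairs if k == "lxc.cap.drop"
               for cap in v.split()}
    findings = []
    if "sys_chroot" not in dropped:
        findings.append("CAP_SYS_CHROOT kept: root in the container may call chroot()")
    if "mknod" not in dropped:
        findings.append("CAP_MKNOD kept: root in the container may create device nodes")
    dev = [(k, v) for k, v in pairs if k.startswith("lxc.cgroup.devices.")]
    # Writing 'a' to devices.deny clears the list, so it must come first
    # for the allow rules after it to act as a whitelist.
    if not dev or dev[0] != ("lxc.cgroup.devices.deny", "a"):
        findings.append("devices cgroup is not default-deny")
    if any(k.endswith(".allow") and v.split()[:1] == ["a"] for k, v in dev):
        findings.append("devices cgroup allows every device")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings for the checked points")
```

An empty result only means these specific settings are present; it does not show that root inside the container is safe.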