[lxc-devel] Status of usability of lxc

Stéphane Graber stgraber at ubuntu.com
Tue Apr 12 02:06:21 UTC 2011


On Wed, 2011-04-06 at 08:08 -0500, Rob Landley wrote:
> On 04/06/2011 05:43 AM, Daniel Lezcano wrote:
> > On 03/22/2011 10:20 AM, Nathan McSween wrote:
> >> Can I get a quick rundown of what is implemented w.r.t UID/GID
> >> containerization, is it safe yet to give containerized root to an
> >> everyday user without huge security issues?
> > 
> > Nope, it is not secure at all for a root user inside the container.
> 
> Any idea what's missing?
> 
> Rob

"echo b > /proc/sysrq-trigger" in a LXC container will force-reboot your
host :)

There are some tricks that can be used to limit that issue but LXC will
need proper isolation of /proc /sys (and others) before we can even
think of giving root access to containers.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
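
Added example, not part of the original post and not LXC code: a check for whether /proc/sysrq-trigger sits on a read-only mount inside a container. It assumes a read-only bind mount over that file is one of the limiting tricks in use (the post does not name them); the mountinfo samples are constructed.

```python
# Constructed /proc/self/mountinfo samples (not taken from the post).
UNPROTECTED = (
    "60 50 0:40 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "61 60 0:41 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw\n"
)
# /proc/sys is read-only here, but that mount does not cover /proc/sysrq-trigger.
SYS_ONLY = UNPROTECTED + (
    "62 61 0:41 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw\n"
)
PROTECTED = SYS_ONLY + (
    "63 61 0:41 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec - proc proc rw\n"
)


def parse_mountinfo(text):
    """Yield (mount_point, mount_opts, super_opts) for each mountinfo line."""
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        fields, tail = left.split(), right.split()
        if not sep or len(fields) < 6 or len(tail) < 3:
            continue  # skip malformed lines
        # Field 5 is the mount point; the kernel escapes spaces as \040.
        mount_point = fields[4].replace("\\040", " ")
        yield mount_point, set(fields[5].split(",")), set(tail[2].split(","))


def covering_mount(text, path):
    """Return the mountinfo entry for the mount that `path` lives on."""
    best = None
    for entry in parse_mountinfo(text):
        mp = entry[0].rstrip("/") or "/"
        # Match whole path components: /proc/sys must not match /proc/sysrq-trigger.
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        # >= so that a later mount stacked on the same mount point wins.
        if covers and (best is None or len(mp) >= len(best[0].rstrip("/") or "/")):
            best = entry
    return best


def is_read_only(text, path="/proc/sysrq-trigger"):
    """True if the covering mount is read-only per mount or superblock options."""
    entry = covering_mount(text, path)
    return entry is not None and ("ro" in entry[1] or "ro" in entry[2])


if __name__ == "__main__":
    with open("/proc/self/mountinfo") as f:
        print("/proc/sysrq-trigger read-only:", is_read_only(f.read()))
```

A read-only result only limits the issue, in line with the post: it is not the proper isolation of /proc and /sys that the post says is still needed.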




