[lxc-devel] [PATCH] templates: deny writes to host's clock
Serge Hallyn
serge.hallyn at ubuntu.com
Wed May 1 16:45:26 UTC 2013
Quoting Dwight Engen (dwight.engen at oracle.com):
> On Wed, 1 May 2013 10:54:10 -0500
> Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>
> > Quoting Stéphane Graber (stgraber at ubuntu.com):
> > > On 05/01/2013 06:51 AM, Serge Hallyn wrote:
> > > > Don't allow write to /dev/rtc0, and remove sys_time (in any
> > > > templates which drop any capabilities)
> > > >
> > > > Reported-by: Christoph Mitasch <cmitasch at thomas-krenn.com>
> > > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > >
> > > Assuming this has been tested not to prevent boot for any of the
> > > update templates.
> > >
> > > Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> >
> > I didn't test all of them, only ubuntu.
> >
> > If anything fails to boot because of inability to mess with host's
> > clock, that will be interesting :) I'll test whatever ones I can
> > (i.e. not sure all of them work) before pushing.
>
> Just FYI, when I removed /dev/rtc0 from the lxc-oracle template, the
> containers still booted but /sbin/hwclock complained which is why it
> got commented out from the initscripts. Other than that removing
> /dev/rtc0 completely hasn't seemed to have any ill side effects.
Well, now I don't know. My patch only removed sys_time from templates
already removing capabilities. I'm not sure that's right. I'm going
to change it to remove it from all templates (as well as sys_module, mac_admin,
and mac_override). The template doesn't get to decide how it can hose my
host...
More information about the lxc-devel
mailing list