[lxc-devel] [PATCH] lxc-alpine: download statically compiled package manager if not available on host

Natanael Copa ncopa at alpinelinux.org
Sun May 19 07:29:06 UTC 2013


On Sat, 18 May 2013 18:14:36 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
 
> > > I do see that for instance feeding a
> > > tar file with malicious /bin/passwd, which templates later run
> > > under a regular chroot, could be just as easy...
> > 
> > I don't really understand what you mean with this...
> 
> In the ubuntu-cloud template we wget a tarball which is the rootfs for
> the container, extract it, then chroot into it and run /bin/passwd to

ah. I misread "/bin/passwd" as "/etc/passwd". Get it now, sorry.

It shows that Kaarles' patch is practically not making anything that is
worse than what other templates already do.

> So long as you mean embed the pub keys into the lxc template, that
> would be great.
> 
> And I think I'll pursue the same for ubuntu-cloud and cirros
> templates.
> 
> > --allow-untrusted in the same shot and you will at no point run
> > anything that has not been cryptographically verified.
> 
> Sounds great - thanks.

Will look at it.

Thanks for the feedback!

-nc




More information about the lxc-devel mailing list