[lxc-devel] [PATCH 1/6] Move lxcbr0 setup logic into lxc.net script
Martin Pitt
martin.pitt at ubuntu.com
Fri Aug 1 14:03:52 UTC 2014
Hello Serge,
Serge Hallyn [2014-08-01 13:39 +0000]:
> But just because you sent the patch doesn't guarantee that you're the
> author :)
Sorry, I'm just a layman engineer. :-) I don't see how I have more or
less control about the "Author:" field than over "Signed-off-by:", but
here we are:
Signed-off-by: Martin Pitt <martin.pitt at ubuntu.com>
for the whole set of patches
(This mail is GPG signed)
> The concern isn't the tools not being under $PATH, but exploit versions
> being put into a mangled path.
If you can mangle the $PATH for pid 1 and its init scripts (which run
as root), I'd say you pretty much 0wn the machine anyway. I think it's
much more common to put locally updated versions of tools into
/usr/local/ and expect them to get used?
Anyway, your call. However, please note that the current init scripts
don't run tools with full path (like "start", "lxc-autostart",
"iptables", etc.), and neither do the existing helper scripts (e. g.
lxc-devsetup calls "mount") so if that's your desire we'll need a much
bigger patch, and that should be separated from this series? (But
again, I'd really recommend against that)
Thanks!
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140801/5159933e/attachment.sig>
More information about the lxc-devel
mailing list