[lxc-devel] TODO list?

Stéphane Graber stgraber at ubuntu.com
Mon Jun 9 16:05:14 UTC 2014


On Mon, Jun 09, 2014 at 04:01:22PM +0000, Serge Hallyn wrote:
> Quoting Christian Evans (Frodox at zoho.com):
> > Hi folks!
> > 
> > I am looking for a way to improve [security of] Linux Containers.
> > 
> > Where can I find any ToDo/features list, so I could help the project?
> 
> Hm, there isn't one right now that is up to date, especially pertaining
> to security.  If security is what you are particularly interested in,
> then some areas where you could help are
> 
> 1. implement lxc support for Smack
> 
> 2. work on some usable seccomp policies - with the new personality and
> blacklist policy support we should be able to get some policies for
> standard workloads that are actually useful, i.e. refusing compat calls
> in x86-64 containers, etc.
> 
> 3. work on selinux container policies
> 
> 4. test out mountlo and other of the fuse filesystems that Eric
> mentioned should allow mounting from an unprivileged user namespace.
> (I gave it a 0% effort attempt, got an EPERM, and moved on to higher
> prio things;  it should be fun to figure out)

5) Maybe look into getting a fuse proc filesystem hook for those who want
meminfo/cpuinfo to be based on the cgroup values.

6) Help with getting CRIU to work with LXC (one of the expected main features
of LXC 1.1).

> 
> -serge

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com