[lxc-devel] Nested namespaces
Stéphane Graber
stgraber at ubuntu.com
Mon Sep 29 04:24:07 UTC 2014
On Sun, Sep 28, 2014 at 06:31:18PM -0500, riya khanna wrote:
> Hi,
>
> As I understand, the kernel currently supports six namespaces. Is it
> possible for a process inside a container (running with different
> namespaces - all six) to escape the container by unshare()'ing?
>
> Would this be different for privileged/unprivileged containers?
>
> Thanks,
> Riya
It's certainly possible to unshare namespaces from within a container
but that's a feature, not an issue.
So you can't "escape" by unsharing, you can just get some new namespaces
set up which are children of your current one.
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
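
The behaviour described in the reply above can be checked with a short C program. This is an added example, not part of the original thread or of LXC: a child process unshares a new user and UTS namespace, changes the hostname there, and the parent confirms its own hostname is untouched. The function name `unshare_is_contained` and the probe hostname are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWUTS */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns  0: the hostname set after unshare() stayed in the new namespace,
 *          1: the parent's hostname changed (isolation failed),
 *         -1: unshare() was refused or the check could not run. */
int unshare_is_contained(void)
{
    const char *probe = "nested-ns-probe";   /* constructed sample value */
    char before[256] = {0}, after[256] = {0}, inner[256] = {0};

    if (gethostname(before, sizeof(before) - 1) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Raw syscall, so the example does not depend on libc feature macros.
         * The new user namespace grants capabilities only over namespaces
         * created with it, here the new UTS namespace. */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWUTS) != 0)
            _exit(2);
        if (sethostname(probe, strlen(probe)) != 0)
            _exit(3);
        if (gethostname(inner, sizeof(inner) - 1) != 0)
            _exit(4);
        _exit(strcmp(inner, probe) == 0 ? 0 : 5);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    if (gethostname(after, sizeof(after) - 1) != 0)
        return -1;
    return strcmp(before, after) == 0 ? 0 : 1;
}

int main(void)
{
    int r = unshare_is_contained();
    puts(r == 0 ? "contained: parent hostname unchanged"
       : r == 1 ? "NOT contained: parent hostname changed"
                : "skipped: unshare() not permitted here");
    return r == 1;
}
```

A result of -1 means the kernel or a seccomp/sysctl policy refused the unshare, which is itself a common hardening choice for container hosts.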