[lxc-devel] Predictable root passwords in LXC templates

Major Hayden major at mhtx.net
Tue Jun 16 12:37:17 UTC 2015


Hello there,

I've been a user of LXC for quite some time but this is my first time digging into things a bit deeper.

I'm working with the Fedora Security Team to go through some security issues in various projects and I stumbled upon a bug[1] about predictable root passwords in LXC templates.  I opened an issue on Github[2] about it and Stéphane Graber was kind enough to redirect me to this list.

I'm certainly not here to complain -- I'd like to try to improve the templates a bit and see if some of the randomized root password functionality from the CentOS and Fedora templates could be implemented in the remaining templates.  There are other options as well, such as making the password empty and refusing logins with empty passwords (as suggested by Stéphane).

Would these contributions be welcomed by the LXC community or should I go in another direction?  Thanks in advance for your help.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1132004
[2] https://github.com/lxc/lxc/issues/565#issuecomment-112094910

--
Major Hayden


More information about the lxc-devel mailing list