[lxc-devel] LXCFS update problems

Stéphane Graber stgraber at ubuntu.com
Thu Nov 19 18:23:14 UTC 2015


On Thu, Nov 19, 2015 at 07:19:12PM +0100, Dietmar Maurer wrote:
> > > Maybe, but breaking existing containers is even worse. So I would
> > > do the following steps for now:
> > 
> > No, on a security update, breaking all containers is far better than
> > having any container be able to run stuff as root on your host.
> 
> Also, we have many (enterprise) installations, where admins run
> containers themselves, so the container root user is usually trusted...
> IMHO it makes no sense to break containers in that case.

Yeah, so after chatting with Serge, it looks like as a first pass we'll
probably change the postinst to stop restarting lxcfs on update and to
write to /run/reboot-required, similar to what's done for the kernel,
network-manager, ...

We're also discussing moving most of the lxcfs code into a shared
library which can be dlopened by a tiny tiny daemon which would then
reload said shared library on update.

That'd massively reduce the amount of code that couldn't be updated
live. And if the tiny daemon or libfuse themselves have a security
issue, then we'd trigger the write to reboot-required.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
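
Added example (not part of the original message and not the lxcfs package's own script): a postinst-style sketch of the first-pass behaviour described above, which leaves the running daemon alone on upgrade and flags a reboot instead. It goes one step further than the message by also listing PIDs still executing the replaced binary. The function names, the /usr/bin/lxcfs path and the reboot-required.pkgs companion file (Debian/Ubuntu convention) are assumptions.

```shell
#!/bin/sh
# Added example: helpers a postinst could call. RUN_DIR and PROC_ROOT are
# parameters so the logic can be exercised against a scratch directory;
# on a real host they would be /run and /proc.

# Flag that a reboot is needed and record which package asked for it.
mark_reboot_required() {
    run_dir=${1:-/run}
    pkg=$2
    touch "$run_dir/reboot-required" || return 1
    # Append the package name once only, so repeated upgrades stay idempotent.
    grep -qxF "$pkg" "$run_dir/reboot-required.pkgs" 2>/dev/null ||
        printf '%s\n' "$pkg" >> "$run_dir/reboot-required.pkgs"
}

# Print PIDs still executing an old copy of BINARY. Once the package manager
# replaces the file on disk, the kernel reports the running image as
# "<path> (deleted)" in /proc/<pid>/exe.
stale_pids() {
    proc_root=${1:-/proc}
    binary=$2
    for exe in "$proc_root"/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        [ "$target" = "$binary (deleted)" ] || continue
        pid=${exe%/exe}
        printf '%s\n' "${pid##*/}"
    done
}

# Body of "postinst configure": dpkg passes the previously configured version
# as the second argument, which is empty on a fresh install.
postinst_configure() {
    run_dir=$1
    proc_root=$2
    old_version=$3
    [ -n "$old_version" ] || return 0   # fresh install: no old daemon running
    # Upgrade: do not restart lxcfs (that would break running containers);
    # record that the host still needs a reboot to pick up the fix.
    mark_reboot_required "$run_dir" lxcfs || return 1
    # Report which processes are still running the pre-update code.
    stale_pids "$proc_root" /usr/bin/lxcfs   # assumed install path
}
```

Until the reboot happens, every PID printed by stale_pids is still running the pre-update code, so the host should be treated as unpatched.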