[Lxc-users] Two Questions: UID Privilege Isolation. Prevent cgroup mount in VM

sanjay genacct412 at gmail.com
Thu Apr 14 17:04:30 UTC 2011


Hi! I am new to the technology and thread. I have two basic questions, hope
you can provide some guidance.

1. UID Privilege Isolation.
~~~~~~~~~~~~~~~~~
If I understand it right, currently if a host-uid and guest-uid have the
same numerical value, they essentially have the same file access privilege.
A posting from 01/14/11 indicated that a patchset related to 'user namespace'
is in the works to address this issue. A link in the LXC home/user indicated two
possible approaches are being considered. I was wondering if there has been
any conclusion on this front?


2. Guest modifying its own cgroup
~~~~~~~~~~~~~~~~~~~~~~~~
It appears that from a guest one can mount the cgroup and modify its own
constraints specified in the cgroup. Is there a way I can prevent a guest
from doing so?

Thanks in advance for your help
-----------
Regards,
Sanjay