[Lxc-users] lxc and guest /proc/kcore access restriction

Serge Hallyn serge.hallyn at canonical.com
Tue Dec 13 15:07:53 UTC 2011


Quoting Fiedler Roman (Roman.Fiedler at ait.ac.at):
> Hello List,
> 
> I have problems finding information about lxc with system virtualization and access restriction to /proc/kcore. In my setup, root in the guest can read /proc/kcore, and data from the host shows up in the container's kcore, so kcore is not somehow faked/virtualized.
> 
> I did not find any suitable information about securing /proc use inside a container, so perhaps someone could point me to information on these questions?
> 
> * Is secure /proc use (no escape, no major host/container or inter-container info leaks) inside guest possible?

ATM I recommend you use an LSM to do that.

-serge



