[Lxc-users] Jumping out of a read-only bind mount container (was Re: Changing mount options from inside a container)

Matto Fransen matto at matto.nl
Sun Feb 6 14:42:31 UTC 2011


Hi,

On Fri, Feb 04, 2011 at 04:39:57PM -0200, Andre Nathan wrote:
 
> Let's say I have a file bind-mounted in read-only mode from the host to
> the container. For example, /etc/resolv.conf.
> 
> In the container, I can use the mount command with the -oremount,rw
> options and then edit the file from the container.
 
This is indeed possible. I have tried this in the 'standard' sshd-container
with read-only bind mounts. 
From within the container one can do a remount and after that make changes 
to the host filesystem (add, delete and change files).

So the bind read-only mounts are no protection against changing the
filesystem of the container, but even make it possible to corrupt the
_host_ filesystem ...

> Is there a way to disable that behavior and forbid the mount options

Perhaps there should be a drop.caps possibility to prevent remounting
from within the container.

Cheers,

Matto
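The thread above states the problem (a `bind,ro` entry can be remounted `rw` from inside a container that still holds CAP_SYS_ADMIN) and the suggested mitigation (drop the capability). The following host-side audit script is an added example, not code from this thread or from the LXC project. It assumes the real LXC config keys `lxc.mount.entry` and `lxc.cap.drop` and the documented layout of `/proc/<pid>/mountinfo` (field 5 is the mount point, field 6 the per-mount flags); the config and mountinfo lines it checks are constructed samples, not captured from a live system.

```shell
#!/bin/sh
# Added example (not from the thread): audit an LXC container config for
# the remount problem discussed above, and check a mountinfo snapshot of the
# container's mount namespace to detect a bind mount that has lost its ro flag.
# Assumptions: lxc.mount.entry / lxc.cap.drop are the LXC config keys;
# the sample config and mountinfo text below are constructed.

# Constructed config: two read-only bind mounts, no capabilities dropped.
SAMPLE_CONFIG_WEAK='lxc.utsname = sshd
lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,ro 0 0
lxc.mount.entry = /srv/data srv/data none bind,ro 0 0'

# Same config hardened: without CAP_SYS_ADMIN, mount(2) with MS_REMOUNT
# fails with EPERM inside the container.
SAMPLE_CONFIG_HARDENED="$SAMPLE_CONFIG_WEAK
lxc.cap.drop = sys_admin mknod"

# Constructed /proc/<pid>/mountinfo lines (container namespace), before and
# after someone remounts resolv.conf read-write. Field 6 = per-mount flags.
MOUNTINFO_BEFORE='100 99 8:1 /etc/resolv.conf /etc/resolv.conf ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
101 99 8:1 /srv/data /srv/data ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro'
MOUNTINFO_AFTER='100 99 8:1 /etc/resolv.conf /etc/resolv.conf rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
101 99 8:1 /srv/data /srv/data ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro'

# Returns 0 when some lxc.cap.drop line lists sys_admin, 1 otherwise.
config_drops_sys_admin() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*lxc\.cap\.drop[[:space:]]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, caps)
            for (i = 1; i <= n; i++) if (caps[i] == "sys_admin") found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# Print the in-container mount point of every bind mount configured read-only
# (absolute path, one per line); these are the mounts a remount,rw would expose.
list_ro_bind_mounts() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*lxc\.mount\.entry[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, "")
            # fields after the "=": source target fstype options dump pass
            if ($4 ~ /(^|,)bind(,|$)/ && $4 ~ /(^|,)ro(,|$)/)
                print ($2 ~ /^\//) ? $2 : "/" $2
        }'
}

# $1 = mountinfo text, $2 = space-separated mount points expected to be ro.
# Prints each expected-ro mount point whose flags no longer contain "ro".
find_remounted_rw() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) expect[p[i]] = 1 }
        ($5 in expect) && ($6 !~ /(^|,)ro(,|$)/) { print $5 }'
}

# Returns 0 only if sys_admin is dropped and no ro bind mount has gone rw.
audit_container() {
    config=$1; mountinfo=$2; status=0
    if ! config_drops_sys_admin "$config"; then
        echo "WARN: lxc.cap.drop lacks sys_admin; remount,rw is possible from inside"
        status=1
    fi
    ro_paths=$(list_ro_bind_mounts "$config" | tr '\n' ' ')
    for p in $(find_remounted_rw "$mountinfo" "$ro_paths"); do
        echo "ALERT: $p is configured bind,ro but is currently mounted rw"
        status=1
    done
    return $status
}

audit_container "$SAMPLE_CONFIG_WEAK" "$MOUNTINFO_AFTER" || echo "weak config: audit failed (expected)"
audit_container "$SAMPLE_CONFIG_HARDENED" "$MOUNTINFO_BEFORE" && echo "hardened config: audit passed"
```

On a real host, feed the script the container's config file and `/proc/<init-pid>/mountinfo` for the container's init process; a `WARN` line means the configuration still permits the remount, an `ALERT` line means it has already happened. Dropping `sys_admin` is a coarse control (it blocks every mount operation inside the container, not only remounts), so it suits containers that never need to mount anything themselves.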