[Lxc-users] Jumping out of a read-only bind mount container

Matto Fransen matto at matto.nl
Mon Feb 7 19:12:09 UTC 2011


Hi,

On Mon, Feb 07, 2011 at 11:40:47AM +1100, Trent W. Buck wrote:
 
> >> In the container, I can use the mount command with the -oremount,rw
> >> options and then edit the file from the container.
> >
> > So the bind read-only mounts are no protection against changing the
> > filesystem of the container, but even make it possible to corrupt the
> > _host_ filesystem ...
> >
> >> Is there a way to disable that behavior and forbid the mount options
> >
> > Perhaps there should be a drop.caps possibility to prevent remounting
> > from within the container.
> 

8< -- cut --

> Note that, obviously, this means all mounts must be done by
> lxc.mount.entry or prior to starting LXC.

Indeed.

This is a problem with the sshd bind readonly containers, because
lxc-init mounts /proc, /dev/shm and /dev/mqueue.
With lxc.cap.drop=sys_admin it is therefore not possible to use
lxc-init.

Would this mean that lxc_setup_fs() should be removed from
lxc_init.c and the mounting should be done through the config-file?

Cheers,

Matto
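
The trade-off discussed in this message, as an added example that is not part of the original post or of LXC itself: a small audit of an LXC config that flags read-only bind mounts left remountable because sys_admin is not dropped, and, once it is dropped, flags the mounts lxc-init would otherwise do that are missing from the config. The sample configs, the rootfs path and the finding labels are constructed for illustration.

```python
# Constructed sample configs; the rootfs path and container name are made up.
ROOTFS = "/var/lib/lxc/sshd/rootfs"
WEAK = f"""\
lxc.mount.entry = /usr {ROOTFS}/usr none ro,bind 0 0
lxc.mount.entry = /etc/passwd {ROOTFS}/etc/passwd none ro,bind 0 0
"""
HARDENED = WEAK + f"""\
lxc.cap.drop = sys_admin
lxc.mount.entry = proc {ROOTFS}/proc proc nodev,noexec,nosuid 0 0
"""

# Mounts the message says lxc-init performs itself.
INIT_MOUNTS = ("/proc", "/dev/shm", "/dev/mqueue")

def parse(text):
    """Yield (key, value) pairs, skipping blank lines and comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def audit(text):
    """Return a list of findings (hypothetical labels) for one LXC config."""
    dropped, ro_binds, targets = set(), [], []
    for key, value in parse(text):
        if key == "lxc.cap.drop":
            dropped.update(value.lower().split())
        elif key == "lxc.mount.entry":
            fields = value.split()  # fstab-style: source target type options ...
            if len(fields) < 4:
                continue
            targets.append(fields[1])
            opts = set(fields[3].split(","))
            if "ro" in opts and opts & {"bind", "rbind"}:
                ro_binds.append(fields[1])
    findings = []
    if "sys_admin" not in dropped:
        # Container root can still run mount -oremount,rw on these targets.
        findings += [f"remountable-ro-bind:{t}" for t in ro_binds]
    else:
        # With sys_admin dropped, lxc-init cannot mount these; the config must.
        findings += [f"init-mount-not-in-config:{m}" for m in INIT_MOUNTS
                     if not any(t.endswith(m) for t in targets)]
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

The second kind of finding only matters for containers started with lxc-init, as in the sshd case above.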