[Lxc-users] Jumping out of a read-only bind mount container

Trent W. Buck trentbuck at gmail.com
Tue Feb 8 00:19:20 UTC 2011


Matto Fransen <matto at matto.nl> writes:

> Hi,
>
> On Mon, Feb 07, 2011 at 11:40:47AM +1100, Trent W. Buck wrote:
>  
>> >> In the container, I can use the mount command with the -oremount,rw
>> >> options and then edit the file from the container.
>> >
>> > So the bind read-only mounts are no protection against changing the
>> > filesystem of the container, but even makes it possible to corrupt the
>> > _host_ filesystem ...
>> >
>> >> Is there a way to disable that behavior and forbid the mount options
>> >
>> > Perhaps there should be a drop.caps possibility to prevent remounting
>> > from within the container.
>> 
>
> 8< -- cut --
>
>> Note that, obviously, this means all mounts must be done by
>> lxc.mount.entry or prior to starting LXC.
>
> Indeed.
>
> This is a problem with the sshd bind readonly containers, because
> lxc-init mounts /proc, /dev/shm and /dev/mqueue.
> With lxc.cap.drop=sys_admin it is therefore not possible to use
> lxc-init.
>
> Would this mean that lxc_setup_fs() should be removed from
> lxc_init.c and the mounting should be done through the config-file?

I'm not sure what you mean there, but I do mounting with lxc.mount (or
lxc.mount.entry), i.e. within the lxc .conf file.
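The weakness discussed in this thread is a configuration mismatch: a read-only bind mount declared with lxc.mount.entry is only as strong as the capability set, because a container that keeps CAP_SYS_ADMIN can remount it read-write. The audit script below is an added example, not code from the thread or from LXC; it scans an lxc .conf for "bind,ro" entries without a matching sys_admin in lxc.cap.drop, using the classic key names from this thread, and the two sample configs and their paths are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): flag lxc configs whose read-only
# bind mounts are remountable because CAP_SYS_ADMIN is not dropped.
# Assumes the classic lxc.conf keys lxc.mount.entry and lxc.cap.drop.

# has_ro_bind CONF: succeed if CONF has a "bind,ro" mount entry.
# lxc.mount.entry values are fstab-style: src dst fstype opts freq pass
has_ro_bind() {
    sed -nE 's/^[[:space:]]*lxc\.mount\.entry[[:space:]]*=[[:space:]]*//p' "$1" |
    awk '$4 ~ /(^|,)bind(,|$)/ && $4 ~ /(^|,)ro(,|$)/ { found = 1 }
         END { exit !found }'
}

# drops_sys_admin CONF: succeed if lxc.cap.drop lists sys_admin.
drops_sys_admin() {
    grep -Eq '^[[:space:]]*lxc\.cap\.drop[[:space:]]*=([[:space:]]*|.*[[:space:]])sys_admin([[:space:]]|$)' "$1"
}

# check_lxc_conf CONF: returns 0 when safe, 1 when a bind,ro mount could be
# remounted read-write from inside the container.
check_lxc_conf() {
    if has_ro_bind "$1" && ! drops_sys_admin "$1"; then
        echo "UNSAFE: $1 has a bind,ro mount but does not drop sys_admin" >&2
        return 1
    fi
    return 0
}

# Constructed sample configs (placeholder paths), written to a temp dir.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cat > "$workdir/weak.conf" <<'EOF'
lxc.mount.entry = /srv/data /var/lib/lxc/demo/rootfs/data none bind,ro 0 0
EOF
cat > "$workdir/hardened.conf" <<'EOF'
lxc.mount.entry = /srv/data /var/lib/lxc/demo/rootfs/data none bind,ro 0 0
lxc.cap.drop = sys_module sys_admin
EOF

for f in "$workdir/weak.conf" "$workdir/hardened.conf"; do
    if check_lxc_conf "$f"; then echo "ok: $f"; fi
done
```

The script only inspects the config; as the thread notes, once sys_admin is dropped every mount the container needs (including what lxc-init would otherwise mount) must come from lxc.mount.entry or be set up before start.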
