[Lxc-users] FUSE and capabilities
Milan Zamazal
pdm at zamazal.org
Tue Feb 15 10:24:19 UTC 2011
>>>>> "TWB" == Trent W Buck <twb at cybersource.com.au> writes:
TWB> I suppose if I had to support desktop wank, I would set up a
TWB> udev rule on the host to mount removable devices in
TWB> /media/<VOL ID>, and then rbind-mount /media into the
TWB> container(s).

This might be a good idea for some systems, but it wouldn't work well
for things like formatting, burning or using FUSE.

Perhaps the proper solution would be to add a new capability for secure
mounts to the kernel. The question is how much damage can be done in
theory to the host and other containers when a container is given the
CAP_SYS_ADMIN capability, assuming lxc.cgroup.devices are set properly?
I don't care much about DoS problems as those can happen with almost any
non-paranoid setup. But can CAP_SYS_ADMIN significantly increase risk
of compromising the host or other containers?
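
A check of a container config for the combination the message asks about, CAP_SYS_ADMIN kept while relying on lxc.cgroup.devices, as an added example that is not part of the original post or of LXC. The sample config is constructed, and reading "set properly" as deny-all followed by explicit allows is an assumption; only lxc.cap.drop and lxc.cgroup.devices.deny/allow lines are examined.

```python
# Constructed sample container config (not from the original post).
SAMPLE_CONFIG = """\
lxc.utsname = desktop
lxc.cap.drop = sys_module mac_admin
lxc.cap.drop = sys_time
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
# 10:229 is /dev/fuse
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = b 8:* rwm
"""

def parse(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text):
    """List findings for a container that keeps CAP_SYS_ADMIN."""
    dropped, rules = set(), []
    for key, value in parse(text):
        if key == "lxc.cap.drop":
            dropped.update(value.lower().split())
        elif key.startswith("lxc.cgroup.devices."):
            rules.append((key.rsplit(".", 1)[1], value.split()))
    if "sys_admin" in dropped:
        return []  # capability is dropped; outside the scope of this check
    findings = ["CAP_SYS_ADMIN retained"]
    # Assumption: "set properly" means deny-all first, then explicit allows.
    if not rules or rules[0] != ("deny", ["a"]):
        findings.append("devices cgroup is not default-deny")
    for action, fields in rules:
        # Type 'a' or 'b' exposes block devices, which CAP_SYS_ADMIN can mount.
        if action == "allow" and fields and fields[0] in ("a", "b"):
            findings.append("block device allowed: " + " ".join(fields))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```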