[Lxc-users] FUSE and capabilities

Milan Zamazal pdm at zamazal.org
Tue Feb 15 10:24:19 UTC 2011


>>>>> "TWB" == Trent W Buck <twb at cybersource.com.au> writes:

    TWB> I suppose if I had to support desktop wank, I would set up a
    TWB> udev rule on the host to mount removable devices in 
    TWB> /media/<VOL ID>, and then rbind-mount /media into the
    TWB> container(s).  

This might be a good idea for some systems, but it wouldn't work well
for things like formatting, burning or using FUSE.

Perhaps the proper solution would be to add a new capability for secure
mounts to the kernel.  The question is how much damage can be done in
theory to the host and other containers when a container is given the
CAP_SYS_ADMIN capability, assuming lxc.cgroup.devices are set properly?
I don't care much about DoS problems as those can happen with almost any
non-paranoid setup.  But can CAP_SYS_ADMIN significantly increase risk
of compromising the host or other containers?
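One concrete check that bears on the question above is to confirm what capability set a container's processes actually end up with. The following is an added example, not code from this thread or from LXC itself: it decodes the CapEff bitmask that the kernel exposes in /proc/<pid>/status and reports whether CAP_SYS_ADMIN (and a few other mount- and device-relevant capabilities) is present. The capability numbers come from <linux/capability.h>; the two sample status lines are constructed to show a full root set and the same set with sys_admin dropped.

```python
"""Decode the effective capability mask of a process from /proc/<pid>/status.

The CapEff field is a 64-bit hexadecimal mask; bit N is set when the
capability with number N is in the process's effective set.  Running this
against the init process of a container (from the host) shows whether the
container really lost CAP_SYS_ADMIN, regardless of what the config intended.
"""
import re

# Capability numbers from <linux/capability.h> (stable kernel ABI values).
CAP_SYS_MODULE = 16
CAP_SYS_RAWIO = 17
CAP_SYS_ADMIN = 21
CAP_MKNOD = 27

# Constructed sample input (not real captured output):
# a process holding the full 34-capability root set of a 2.6-era kernel...
SAMPLE_STATUS_FULL = (
    "Name:\tinit\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000003fffffffff\n"
    "CapEff:\t0000003fffffffff\n"
)
# ...and the same set with bit 21 (CAP_SYS_ADMIN) cleared.
SAMPLE_STATUS_DROPPED = SAMPLE_STATUS_FULL.replace(
    "CapEff:\t0000003fffffffff", "CapEff:\t0000003fffdfffff"
)


def parse_cap_mask(status_text, field="CapEff"):
    """Return the integer bitmask for one Cap* field of a /proc status text."""
    match = re.search(r"^%s:\s*([0-9a-fA-F]+)\s*$" % re.escape(field),
                      status_text, re.MULTILINE)
    if match is None:
        raise ValueError("field %s not found in status text" % field)
    return int(match.group(1), 16)


def has_cap(mask, capnum):
    """True when capability number capnum is set in mask."""
    return bool((mask >> capnum) & 1)


def caps_in_mask(mask):
    """List of capability numbers set in mask, lowest first."""
    return [n for n in range(64) if (mask >> n) & 1]


def risky_caps(mask):
    """Subset of the capabilities discussed here that the mask still holds.

    These are the ones that let a process mount filesystems, load modules,
    talk to raw devices or create device nodes; any of them widens what the
    lxc.cgroup.devices allowlist has to contain.
    """
    names = {
        CAP_SYS_MODULE: "sys_module",
        CAP_SYS_RAWIO: "sys_rawio",
        CAP_SYS_ADMIN: "sys_admin",
        CAP_MKNOD: "mknod",
    }
    return [names[n] for n in sorted(names) if has_cap(mask, n)]


def check_pid(pid="self"):
    """Read /proc/<pid>/status on a live system and summarise its CapEff."""
    with open("/proc/%s/status" % pid) as fh:
        mask = parse_cap_mask(fh.read())
    return {"mask": mask, "sys_admin": has_cap(mask, CAP_SYS_ADMIN),
            "risky": risky_caps(mask)}


if __name__ == "__main__":
    for label, text in (("full", SAMPLE_STATUS_FULL),
                        ("dropped", SAMPLE_STATUS_DROPPED)):
        m = parse_cap_mask(text)
        print("%s: mask=%#x sys_admin=%s risky=%s"
              % (label, m, has_cap(m, CAP_SYS_ADMIN), risky_caps(m)))
```

On a host, `check_pid(<pid of the container's init>)` answers the question for a real container; the same bitmask can be cross-checked with `capsh --decode=<hex>` from libcap. Note that an empty CapEff for a root process inside the container is only meaningful if the mask was read for the right PID namespace view, i.e. from the host's /proc.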
