[Lxc-users] Mitigating LXC Container Evasion?
Matthew Franz
mdfranz at gmail.com
Sun Jul 31 15:06:00 UTC 2011
Patrick/Oliver,
Thanks for the quick response. As a security guy I hate it when folks
post weaknesses without providing (or taking the time to investigate)
workarounds.
And there seems to be a lot of FUD out there on the blogs regarding
OpenVZ vs. LXC. :(
- mdf
On Sun, Jul 31, 2011 at 10:58 AM, root <root at srvweb.net.caen> wrote:
> On Sat, Jul 30, 2011 at 09:10:33PM -0400, Matthew Franz wrote:
>> Had seen some previous discussions before, but are there any ways to
>> mitigate this design vulnerability?
>>
>> http://blog.bofh.it/debian/id_413
>>
>> Are there any workarounds?
>>
>> Thanks,
>>
>> - mdf
>>
>> --
>> --
>> Matthew Franz
>> mdfranz at gmail.com
>>
>>
>
> Hello,
>
> If you modify the container's config file like this:
>
> lxc.mount.entry=sysfs /usr/local/var/lib/lxc/lxc6/rootfs/sys sysfs ro,defaults 0 0
>
> you can't write to /sys.
>
> Patrick
>
>
--
--
Matthew Franz
mdfranz at gmail.com
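A small audit for the setting Patrick describes, added here as an example and not part of the original thread: it scans LXC config text for sysfs `lxc.mount.entry` lines and reports any that do not end up read-only. The function names and the WEAK and OVERRIDE samples are constructed; it assumes fstab-style fields and that the last `ro`/`rw` in the option list is the one that takes effect.

```python
# Added example: flag LXC configs whose sysfs mount entry is not read-only.
# HARDENED is the line quoted in the thread; WEAK and OVERRIDE are constructed.
HARDENED = "lxc.mount.entry=sysfs /usr/local/var/lib/lxc/lxc6/rootfs/sys sysfs ro,defaults 0 0\n"
WEAK = ("lxc.utsname = lxc6\n"
        "lxc.mount.entry = sysfs /usr/local/var/lib/lxc/lxc6/rootfs/sys sysfs defaults 0 0\n")
OVERRIDE = "lxc.mount.entry=sysfs /usr/local/var/lib/lxc/lxc6/rootfs/sys sysfs ro,rw 0 0\n"


def sysfs_entries(config_text):
    """Yield (lineno, mountpoint, options) for each lxc.mount.entry of type sysfs."""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "lxc.mount.entry":
            continue
        fields = value.split()  # source, mountpoint, fstype, options, dump, pass
        if len(fields) < 3 or fields[2] != "sysfs":
            continue
        options = fields[3].split(",") if len(fields) > 3 else ["defaults"]
        yield lineno, fields[1], options


def effective_ro(options):
    """True if the last ro/rw flag in the list is ro (assumed last-wins)."""
    read_only = False  # a mount is read-write unless an option says otherwise
    for opt in options:
        if opt == "ro":
            read_only = True
        elif opt == "rw":
            read_only = False
    return read_only


def audit(config_text):
    """Return a list of findings; an empty list means /sys is forced read-only."""
    entries = list(sysfs_entries(config_text))
    if not entries:
        return ["no sysfs lxc.mount.entry: config does not force /sys read-only"]
    return [f"line {n}: sysfs on {mp} is writable ({','.join(opts)})"
            for n, mp, opts in entries if not effective_ro(opts)]


if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("WEAK", WEAK), ("OVERRIDE", OVERRIDE)):
        print(name, audit(cfg) or "ok")
```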