[Lxc-users] Mitigating LXC Container Evasion?
root
root at srvweb.net.caen
Sun Jul 31 14:58:15 UTC 2011
On Sat, Jul 30, 2011 at 09:10:33PM -0400, Matthew Franz wrote:
> Had seen some previous discussions before, but are there any ways to
> mitigate this design vulnerability?
>
> http://blog.bofh.it/debian/id_413
>
> Are there any workarounds?
>
> Thanks,
>
> - mdf
>
> --
> --
> Matthew Franz
> mdfranz at gmail.com
>
> ------------------------------------------------------------------------------
> Got Input? Slashdot Needs You.
> Take our quick survey online. Come on, we don't ask for help often.
> Plus, you'll get a chance to win $100 to spend on ThinkGeek.
> http://p.sf.net/sfu/slashdot-survey
> _______________________________________________
> Lxc-users mailing list
> Lxc-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users
>
Hello,
If you modify the container's config file like this:
lxc.mount.entry=sysfs /usr/local/var/lib/lxc/lxc6/rootfs/sys sysfs ro,defaults 0 0
you can't write to /sys.
Patrick
More information about the lxc-users
mailing list