[Lxc-users] [Spam-Wahrscheinlichkeit=94]Re: Howto detect the containers host
Papp Tamas
tompos at martos.bme.hu
Thu May 26 09:57:58 UTC 2011
On 05/26/2011 11:37 AM, Jäkel, Guido wrote:
> Papp>I hope a container cannot identify its host.
>
> You mean that's a concern of security? Why it shouldn't; "security through obscurity" is never a solution at all, you'll know!
Yes, that's true, but this is not the case.
Actually lxc at this time not so good in security, so I think, every
small hardening step can help a bit.
By the way, when will it possible to prohibit a container to read and
write the dmesg of the host system?
Also what about reading and modifying cgroup settings?
Thank you,
tamas
More information about the lxc-users
mailing list