[Lxc-users] [Spam-Wahrscheinlichkeit=94]Re: Howto detect the containers host
Aurélien Minet
amlabs at free.fr
Thu May 26 10:09:02 UTC 2011
Hi
On 05/26/2011 11:37 AM, Jäkel, Guido wrote:
> Ulli>My lxc meta-script creates /lxc/hostname inside the container at startup:
>
> As a workaround my meta-scripts does something similar be able to re-start the appropriate containers in
> case of a panic, powerfail or similar on the supporting host. But IMHO it's in the concern of basic
> lxc and not to your, mine and other peoples metascripts to provide such things.
Restarting LXC containers after a panic, power-fail or everything else is not the concern of basic LXC, it related to
your host init script or your HA stuff (guest could have been restarted somewhere else) or things like Ganeti, Openstack...
> Papp>I hope a container cannot identify its host.
>
> You mean that's a concern of security? Why it shouldn't; "security through obscurity" is never a solution at
> all, you'll know!
For me it's a concern of security, LXC provide isolation through namespaces bewteen host and guests, this kind of stuff
would break this isolation.
For a guest not knowing on which host it is running is not about of obscurity but information security.
(obscurity is, IMHO, not about giving information but hiding technical details and how things works, but yes security
through obscurity is not a solution)
Regards
Aurélien
More information about the lxc-users
mailing list