[Lxc-users] Howto detect the containers host

Jäkel, Guido G.Jaekel at dnb.de
Thu May 26 12:08:28 UTC 2011


Dear Aurélien

>Restarting LXC containers after a panic, power-fail or everything else is not the concern of basic LXC, it is related to
>your host init script or your HA stuff (guest could have been restarted somewhere else) or things like Ganeti, Openstack...

I fully agree. But because of the lack of information about the host, the container can't set this information anywhere.

From that, the host has to do it in the start script. But it may only *assume* that the client will come up in a proper way. In the generalized case, it can't, because it has to know about details of the client or make (un)certain assumptions.


>> Papp>I hope a container cannot identify its host.
>>
>> You mean that's a concern of security? Why shouldn't it; "security through obscurity" is never a solution at
>> all, you'll know!
>For me it's a concern of security, LXC provides isolation through namespaces between host and guests, this kind of stuff
>would break this isolation.
>For a guest not knowing on which host it is running is not about obscurity but information security.

I also agree with your definition of "information security". Therefore, the host should be made able to control if this information is offered or not.

But we should not start an endless thread here, because there are a lot more items touching "information security" on a concrete container and host environment available on every "virtualization" solution. And the name of the host would be just one more of hundreds.

Guido

