[Lxc-users] Disable write access to /dev/rtc in templates
Christoph Mitasch
cmitasch at thomas-krenn.com
Sun Apr 28 08:55:00 UTC 2013
Hello,
we recently discovered that a container was able to modify the hardware clock of a server.
When checking the lxc configuration I found out that rwm access to /dev/rtc was granted.
Unfortunately, most lxc templates allow write access by default.
http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=tree;f=templates
This was already discussed a few years ago:
http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00718.html
I would recommend modifying access to /dev/rtc in the templates.
Or are there any caveats to doing so?
Christoph
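
An added example, not part of the original message or of the LXC templates: a shell check that lists `lxc.cgroup.devices.allow` rules granting a container write access to the RTC character device. The cgroup-v1 key name, the rtc major 254 and the sample config are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list LXC device rules that let a container write to the RTC.

# Print the rtc major from a /proc/devices-style file. The major is assigned
# by the kernel at boot, so read it rather than hard-coding it.
rtc_major() {
    awk '$2 == "rtc" { print $1; exit }' "${1:-/proc/devices}"
}

# $1 = LXC config file, $2 = rtc major. Prints "lineno:rule" for every allow
# rule that covers the rtc major (any minor) and includes "w" in its access.
rtc_write_rules() {
    awk -v major="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != "lxc.cgroup.devices.allow") next
            n = split(substr($0, eq + 1), f, " ")  # type, major:minor, access
            if (n == 1 && f[1] == "a") { print NR ":" $0; next }  # bare "a" = every device, rwm
            if (n < 3 || (f[1] != "c" && f[1] != "a")) next
            split(f[2], mm, ":")
            if ((mm[1] == major || mm[1] == "*") && index(f[3], "w"))
                print NR ":" $0
        }' "$1"
}

# Constructed sample config (not copied from any real template); 254 is an
# assumed rtc major.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF
rtc_write_rules "$sample_cfg" 254
```

On a host, pass each container's config file and `"$(rtc_major)"`; a rule that keeps only `r` (or `rm`) in the access field produces no output.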