[Lxc-users] Disable write access to /dev/rtc in templates
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Apr 30 13:17:40 UTC 2013
Quoting Christoph Mitasch (cmitasch at thomas-krenn.com):
> Hello,
>
> we recently discovered that a container was able to modify the hardware clock of a server.
>
> When checking the lxc configuration I found out that rwm access to /dev/rtc was granted.
>
> Unfortunately most lxc templates allow write access per default.
> http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=tree;f=templates
>
> This was already discussed a few years ago:
> http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00718.html
>
> I would recommend to modify access to /dev/rtc in the templates.
> Or are there any caveats to do so?
Thanks for the reminder.
I can't think of any.
If no one else speaks up by tomorrow, I'll update the templates to
make it 'rm'.
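
An added example, not part of the original thread and not LXC's own code: a small Python audit that parses `lxc.cgroup.devices.allow` lines in a container config and reports rules granting write access to the RTC device, shown on a template-style config before and after the `rwm` to `rm` change. The device numbers `254:0` and `10:135`, the function name, and the sample config are assumptions; it only evaluates allow rules, on the assumption that the config starts from `lxc.cgroup.devices.deny = a`.

```python
import re

# Assumed RTC device numbers: 254:0 is commonly /dev/rtc0, 10:135 the legacy
# /dev/rtc misc device. Confirm on the host with `ls -l /dev/rtc*`.
RTC_DEVICES = {(254, 0), (10, 135)}

# cgroup device rule: "<a|b|c> <major|*>:<minor|*> <access>", where access is
# any mix of r (read), w (write), m (mknod). A bare "a" allows everything.
RULE = re.compile(
    r"^\s*lxc\.cgroup\.devices\.allow\s*=\s*(?P<type>[abc])"
    r"(?:\s+(?P<major>\d+|\*):(?P<minor>\d+|\*)\s+(?P<access>[rwm]+))?\s*$"
)

def _covers(pattern, number):
    """True if a major/minor field ('*' or a number) matches `number`."""
    return pattern == "*" or int(pattern) == number

def writable_rtc_rules(config_text):
    """Return [(line_no, rule)] for allow rules that grant 'w' on an RTC device."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = RULE.match(line)
        if not m:
            continue  # comment, other key, or a rule this audit does not parse
        dev_type, major, minor, access = m.group("type", "major", "minor", "access")
        if major is None:
            if dev_type == "a":  # "allow = a" whitelists every device with rwm
                findings.append((line_no, line.strip()))
            continue
        if dev_type == "b" or "w" not in access:
            continue  # the RTC is a character device; r/m alone cannot set it
        if any(_covers(major, ma) and _covers(minor, mi) for ma, mi in RTC_DEVICES):
            findings.append((line_no, line.strip()))
    return findings

# Constructed sample in the style of the templates discussed above.
WEAK = """\
lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
"""
FIXED = WEAK.replace("c 254:0 rwm", "c 254:0 rm")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, writable_rtc_rules(cfg))
```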