[Lxc-users] System destabilization

Dustin Oprea myselfasunder at gmail.com
Wed Nov 6 20:26:18 UTC 2013


Thanks, Mike. That was all I was looking for. Possible, but less likely
than any other problem that we'd have to mitigate in production.

Dustin
On Nov 6, 2013 3:18 PM, "Michael H. Warfield" <mhw at wittsend.com> wrote:

> On Wed, 2013-11-06 at 12:41 -0500, Dustin Oprea wrote:
> > I'm a newcomer to LXC. I'm aware of the security disclaimers behind
> > using an LXC (such as access to the same sysfs as the host), but is it
> > also fair to say that it's just as likely for a rogue application
> > inside a container to cause a kernel panic or some kind of disastrous
> > segfault that will destabilize the host?
>
> I don't really think the question is quantifiable or answerable in a
> formal or definitive way.  But I'll give you my arguments to the
> contrary.
>
> I haven't really run into a rogue application causing a kernel oops or
> panic in years and I've had plenty of experience diagnosing panics and
> oopses in the past.  Not to say it can't happen, but it does indicate a
> kernel bug and, as such, a security issue in the kernel.  The kernel is
> supposed to protect itself from such "rogue" behavior.  But, there's
> always something and, as a professional security researcher, I'm well
> aware of that.
>
> As such, it's no MORE likely in a container than running on the host and
> it's entirely possible that the container namespace isolation could
> convey some protection against a number of areas where such a thing
> could arise.
>
> If you're comparing it to things like shared proc, sysfs, or devtmpfs, I
> do see those issues show up (systemd and devtmpfs being my primary
> example and PITA) but have never seen a rogue container application, on
> its own, do much more than resource starvation (I've got a container
> with a mysql process that occasionally sends my load average into lala
> land).
>
> So, my response would be no, it's not "just as likely" for the simple
> reason that kernel security bugs that would allow it are much less
> likely than configuration collisions that allow conflicts over proc,
> sysfs, or devtmpfs.
>
> Possible - yes.  Likely - no.  As likely - no.
>
> > Dustin Oprea
> >
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>