[Lxc-users] How much LXC is secure?

Adam Ryczkowski adam.ryczkowski at statystyka.net
Mon Nov 11 12:19:25 UTC 2013


Last year I've read many times, that LXC have some outstanding security 
issues, and are the encapsulation is not tight enough to prevent 
hijacking the host, when the guest is compromised. But I never managed 
to find out, how exactly does one escape the LXC container.

I'm using the LXC containers as a holders for virtual computers (just as 
advertized in https://help.ubuntu.com/12.04/serverguide/lxc.html) in 
hope, that this will make another line of defense against hackers anyway.

Recently the host got hacked (Ubuntu 12.04 precise with kernel 3.8.2) , 
and I have renewed suspicions about the impenetrability of LXC.

I wonder what is the state of affairs now. How does one implement 
virtual computers inside LXC containers, so root on a guest cannot get 
root rights on host?

Adam Ryczkowski
+48505919892 <callto:+48505919892>
Skype:sisteczko <skype:sisteczko>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20131111/c5f1241a/attachment.html>


More information about the lxc-users mailing list