[Lxc-users] How much LXC is secure?

Daniel P. Berrange berrange at redhat.com
Mon Nov 11 12:43:37 UTC 2013


On Mon, Nov 11, 2013 at 01:19:25PM +0100, Adam Ryczkowski wrote:
> Last year I've read many times, that LXC have some outstanding
> security issues, and are the encapsulation is not tight enough to
> prevent hijacking the host, when the guest is compromised. But I
> never managed to find out, how exactly does one escape the LXC
> container.
> 
> I'm using the LXC containers as a holders for virtual computers
> (just as advertized in
> https://help.ubuntu.com/12.04/serverguide/lxc.html) in hope, that
> this will make another line of defense against hackers anyway.
> 
> Recently the host got hacked (Ubuntu 12.04 precise with kernel
> 3.8.2) , and I have renewed suspicions about the impenetrability of
> LXC.
> 
> I wonder what is the state of affairs now. How does one implement
> virtual computers inside LXC containers, so root on a guest cannot
> get root rights on host?

If you have a process running as "root" inside the container, then
you should assume it is *insecure* unless the container is configured
with either a user namespace uid+gid mapping, or some mandatory
access control (MAC) system like SELinux / AppArmour.  Without the
uid/gid mapping or a MAC layer, root in the container has all sorts
of access to stuff in sysfs & procfs that it can use to cause havoc
in the host, and quite possibly other things besides.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the lxc-users mailing list