[Lxc-users] How much LXC is secure?
Daniel P. Berrange
berrange at redhat.com
Mon Nov 11 12:43:37 UTC 2013
On Mon, Nov 11, 2013 at 01:19:25PM +0100, Adam Ryczkowski wrote:
> Last year I've read many times, that LXC have some outstanding
> security issues, and are the encapsulation is not tight enough to
> prevent hijacking the host, when the guest is compromised. But I
> never managed to find out, how exactly does one escape the LXC
> container.
>
> I'm using the LXC containers as a holders for virtual computers
> (just as advertized in
> https://help.ubuntu.com/12.04/serverguide/lxc.html) in hope, that
> this will make another line of defense against hackers anyway.
>
> Recently the host got hacked (Ubuntu 12.04 precise with kernel
> 3.8.2) , and I have renewed suspicions about the impenetrability of
> LXC.
>
> I wonder what is the state of affairs now. How does one implement
> virtual computers inside LXC containers, so root on a guest cannot
> get root rights on host?
If you have a process running as "root" inside the container, then
you should assume it is *insecure* unless the container is configured
with either a user namespace uid+gid mapping, or some mandatory
access control (MAC) system like SELinux / AppArmour. Without the
uid/gid mapping or a MAC layer, root in the container has all sorts
of access to stuff in sysfs & procfs that it can use to cause havoc
in the host, and quite possibly other things besides.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the lxc-users
mailing list