[Lxc-users] How much LXC is secure?

Adam Ryczkowski adam.ryczkowski at statystyka.net
Mon Nov 11 12:49:11 UTC 2013


On 11.11.2013 13:43, Daniel P. Berrange wrote:
> On Mon, Nov 11, 2013 at 01:19:25PM +0100, Adam Ryczkowski wrote:
>> Last year I've read many times, that LXC have some outstanding
>> security issues, and are the encapsulation is not tight enough to
>> prevent hijacking the host, when the guest is compromised. But I
>> never managed to find out, how exactly does one escape the LXC
>> container.
>>
>> I'm using the LXC containers as a holders for virtual computers
>> (just as advertized in
>> https://help.ubuntu.com/12.04/serverguide/lxc.html) in hope, that
>> this will make another line of defense against hackers anyway.
>>
>> Recently the host got hacked (Ubuntu 12.04 precise with kernel
>> 3.8.2) , and I have renewed suspicions about the impenetrability of
>> LXC.
>>
>> I wonder what is the state of affairs now. How does one implement
>> virtual computers inside LXC containers, so root on a guest cannot
>> get root rights on host?
> If you have a process running as "root" inside the container, then
> you should assume it is *insecure* unless the container is configured
> with either a user namespace uid+gid mapping, or some mandatory
> access control (MAC) system like SELinux / AppArmour.  Without the
> uid/gid mapping or a MAC layer, root in the container has all sorts
> of access to stuff in sysfs & procfs that it can use to cause havoc
> in the host, and quite possibly other things besides.
>
> Daniel
Do you know by chance, how does it apply to the long Ubuntu 12.04? It 
uses AppArmour, but how sufficiently it is configured out-of-the-box?

How to check if the server uses uid+gid mapping?

Thank you,

Adam




More information about the lxc-users mailing list