[lxc-users] Disable lxc-attach

BB eeg5auquaephoo5j at gmail.com
Tue Jan 6 19:52:31 UTC 2015


Ok I understand. Yet if the "users" have root access on the servers they
can change anything nevertheless. Don't run an application on a server
under someone else's control that you don't trust.
I don't think there is any way to achieve what you want. Maybe some obscure
selinux hack? Use bitlocker + TPM :-p

Best regards,

BB

On Tue, Jan 6, 2015 at 8:28 PM, Claudio Cesar Sanchez Tejeda <
demonccc.y at gmail.com> wrote:

> The idea is to distribute an application and I don't want that the
> users that have root access to their servers could change anything on
> the configuration files or in the container.
>
> Regards.
>
> On Tue, Jan 6, 2015 at 4:20 PM, BB <eeg5auquaephoo5j at gmail.com> wrote:
> > Hi,
> >
> > maybe there is some application scenario that you have in mind but I
> would
> > "re-think" the requirement because
> > - You need root/sudo privileges to enter the container with lxc-attach
> > - If you don't trust root or other users with sudo privileges on the
> system
> > you have much bigger problem
> >
> > Regards,
> >
> > BB
> >
> > On Tue, Jan 6, 2015 at 8:15 PM, Claudio Cesar Sanchez Tejeda
> > <demonccc.y at gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> Does someone know how I can disable the lxc-attach command /
> >> functionality?
> >>
> >> I wan't to create a complete isolated LXC container, and I don't want
> >> that someone could start processes or enter to the container using a
> >> shell (or run commands).
> >>
> >> Regards.
> >> _______________________________________________
> >> lxc-users mailing list
> >> lxc-users at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> >
> >
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150106/49395e9c/attachment.html>


More information about the lxc-users mailing list