[lxc-users] Disable lxc-attach

Serge Hallyn serge.hallyn at ubuntu.com
Tue Jan 6 20:06:07 UTC 2015


The users could manually setns.  Without limiting their kernel you canno
stop them from entering.

Quoting Claudio Cesar Sanchez Tejeda (demonccc.y at gmail.com):
> The idea is to distribute an application and I don't want that the
> users that have root access to their servers could change anything on
> the configuration files or in the container.
> 
> Regards.
> 
> On Tue, Jan 6, 2015 at 4:20 PM, BB <eeg5auquaephoo5j at gmail.com> wrote:
> > Hi,
> >
> > maybe there is some application scenario that you have in mind but I would
> > "re-think" the requirement because
> > - You need root/sudo privileges to enter the container with lxc-attach
> > - If you don't trust root or other users with sudo privileges on the system
> > you have much bigger problem
> >
> > Regards,
> >
> > BB
> >
> > On Tue, Jan 6, 2015 at 8:15 PM, Claudio Cesar Sanchez Tejeda
> > <demonccc.y at gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> Does someone know how I can disable the lxc-attach command /
> >> functionality?
> >>
> >> I wan't to create a complete isolated LXC container, and I don't want
> >> that someone could start processes or enter to the container using a
> >> shell (or run commands).
> >>
> >> Regards.
> >> _______________________________________________
> >> lxc-users mailing list
> >> lxc-users at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> >
> >
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users


More information about the lxc-users mailing list