[lxc-users] Disable lxc-attach

Claudio Cesar Sanchez Tejeda demonccc.y at gmail.com
Fri Jan 9 13:29:21 UTC 2015 

The idea for this is to distribute a proprietary application with all
the libraries and all the third party applications that it needs. I
want that the users can run the LXC container like Docker, but I also
want to avoid that some users can do reverse engineering in order to
steal data or know how they can sabotage the application.

Regards.

On Tue, Jan 6, 2015 at 5:06 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> The users could manually setns.  Without limiting their kernel you canno
> stop them from entering.
>
> Quoting Claudio Cesar Sanchez Tejeda (demonccc.y at gmail.com):
>> The idea is to distribute an application and I don't want that the
>> users that have root access to their servers could change anything on
>> the configuration files or in the container.
>>
>> Regards.
>>
>> On Tue, Jan 6, 2015 at 4:20 PM, BB <eeg5auquaephoo5j at gmail.com> wrote:
>> > Hi,
>> >
>> > maybe there is some application scenario that you have in mind but I would
>> > "re-think" the requirement because
>> > - You need root/sudo privileges to enter the container with lxc-attach
>> > - If you don't trust root or other users with sudo privileges on the system
>> > you have much bigger problem
>> >
>> > Regards,
>> >
>> > BB
>> >
>> > On Tue, Jan 6, 2015 at 8:15 PM, Claudio Cesar Sanchez Tejeda
>> > <demonccc.y at gmail.com> wrote:
>> >>
>> >> Hi,
>> >>
>> >> Does someone know how I can disable the lxc-attach command /
>> >> functionality?
>> >>
>> >> I wan't to create a complete isolated LXC container, and I don't want
>> >> that someone could start processes or enter to the container using a
>> >> shell (or run commands).
>> >>
>> >> Regards.
>> >> _______________________________________________
>> >> lxc-users mailing list
>> >> lxc-users at lists.linuxcontainers.org
>> >> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >
>> >
>> >
>> > _______________________________________________
>> > lxc-users mailing list
>> > lxc-users at lists.linuxcontainers.org
>> > http://lists.linuxcontainers.org/listinfo/lxc-users
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list