[lxc-users] basic security questions
Tomasz Chmielewski
mangoo at wpkg.org
Sat Jan 31 14:46:36 UTC 2015

I was wondering what is the best way to employ some basic security for
lxc containers.

On the host, I'm running Ubuntu 14.04, lxc 1.0.7 with kernel 3.18.5.

1. root user in lxc containers is able to view dmesg, even with:

host# cat /proc/sys/kernel/dmesg_restrict
1

2. lxc containers are able to write to /proc/sysrq-trigger - so can
technically poweroff the host:

guest# echo w > /proc/sysrq-trigger
guest# dmesg

3. /proc/kcore? And perhaps anything else which might need blocking so
that the guest is not able to read data from the host/other guests?

--
Tomasz Chmielewski
http://www.sslrack.com
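
An added example, not part of the original post: a POSIX shell function to run as root inside a guest, which checks the three items raised above (kernel log readability, /proc/sysrq-trigger, /proc/kcore) by opening them without writing anything. The function name `audit_proc`, the `DMESG_CMD` override and the optional root argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: covers only the three interfaces named in the post.
# audit_proc [PROC_ROOT]
#   PROC_ROOT defaults to /proc; another root is accepted so the function
#   can be exercised against a constructed directory.
#   DMESG_CMD (assumed override, default "dmesg") is the log reader tried.
# Files are only opened, never written to, so no SysRq action is triggered.
audit_proc() {
    root=${1:-/proc}
    exposed=0

    # 1. Report the sysctl, then test whether the kernel log is really readable.
    #    A missing dmesg binary is also reported as "blocked".
    if [ -r "$root/sys/kernel/dmesg_restrict" ]; then
        echo "dmesg_restrict=$(cat "$root/sys/kernel/dmesg_restrict")"
    else
        echo "dmesg_restrict=unknown"
    fi
    if ${DMESG_CMD:-dmesg} >/dev/null 2>&1; then
        echo "dmesg=readable"; exposed=$((exposed + 1))
    else
        echo "dmesg=blocked"
    fi

    # 2. Open sysrq-trigger for append without writing a byte.
    if [ -e "$root/sysrq-trigger" ] && ( : >> "$root/sysrq-trigger" ) 2>/dev/null; then
        echo "sysrq-trigger=writable"; exposed=$((exposed + 1))
    else
        echo "sysrq-trigger=blocked"
    fi

    # 3. Open kcore for reading without reading from it.
    if [ -e "$root/kcore" ] && ( : < "$root/kcore" ) 2>/dev/null; then
        echo "kcore=readable"; exposed=$((exposed + 1))
    else
        echo "kcore=blocked"
    fi

    echo "exposed=$exposed"
    # Return 0 only when none of the three checks succeeded.
    [ "$exposed" -eq 0 ]
}
```

Source the file inside the guest and call `audit_proc`; a non-zero return means at least one of the three interfaces is reachable from the container.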