[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Jan 26 18:55:28 UTC 2016
I think that is correct. Except that it's not the host on which you
run 'lxc' which matters, but the one running the lxd daemons. But
yes, afaik you can create a container which mounts /dev/sda as a disk
device and do what you like.
Quoting david.andel at bli.uzh.ch (david.andel at bli.uzh.ch):
> Since LXD is starting the unprivileged containers as root, does that mean that from a security point of view there is no difference between running the 'lxc' commands from a user which is a member of the 'sudo' group and a user which is not?
> For plain LXC I've understood that it is more secure to run as a user which is not a member of the 'sudo' group. That doesn't seem to be the case for LXD anymore. Is that correct?
>
>
> -----"lxc-users" <lxc-users-bounces at lists.linuxcontainers.org> wrote: -----
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> From: Serge Hallyn
> Sent by: "lxc-users"
> Date: 01/11/2016 23:36
> Subject: Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?
>
> Quoting Carlos Alberto Lopez Perez (clopez at igalia.com):
> > On 11/01/16 23:13, Serge Hallyn wrote:
> > > Quoting david.andel at bli.uzh.ch (david.andel at bli.uzh.ch):
> > >> Hmm, this is interesting.
> > >> I am running my container from the unprivileged user 'lxduser' and yet:
> > >>
> > >> root@qumind:~# ps -ef | grep '[l]xc monitor'
> > >> root 7609 1 0 11:54 ? 00:00:00 [lxc monitor] /var/lib/lxd/containers pgroonga
> > >>
> > >> What is wrong here?
> > >
> > > You're using lxd. Lxd runs as root. You are not starting the
> > > containers as 'lxduser' - you are making requests as 'lxduser' for
> > > the root-owned process 'lxd' to start the containers.
> >
> > I understood that LXD uses unprivileged containers by default...
> >
> > Does this mean that LXD is starting the unprivileged containers as root?
>
> yes. It does many things which an unprivileged user cannot do, so it has
> to run as root.
>
> The lxc-attach weakness I mentioned does not apply to 'lxc exec', because
> lxd interposes a pty between your console and the container's.
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users