[lxc-users] Linuxcontainers security?

Marat Khalili mkh at rqc.ru
Sun Mar 19 16:57:53 UTC 2017


Consider LXC as chroot on steroids, not a VM. Therefore it is as secure as the Linux kernel, for which exploits do surface from time to time. At least, it is a well-understood area, and you can spend any amount of time you want on hardening your kernel and host system. For private web hosting I'd say the default distribution level of protection is sufficient; for a public one you'd better spend some time hardening, or even have staff members dedicated to it. That is not to say LXC-specific vulnerabilities are impossible, but general Linux kernel exploits are a much more likely avenue of attack IMHO.
-- 

With Best Regards,
Marat Khalili

On March 19, 2017 7:08:24 PM GMT+03:00, Ingo Baab <ib at baab.de> wrote:
>Hi LXD/LXC Users,
>
>today I read that at the hacking contest "Pwn2Own" 'they' escaped from a VMWare
>(running Windows10) using three exploits together (exploiting Edge and using a
>windows-10-kernel-hack..) [1].
>
>I asked myself, how secure is a (my) LXD/LXC container system?
>
>How do you 'estimate' the security running a webhosting-container as I do getting compromised?
>I do successfully setup and run nginx, php7, redis-server, mysql-server on my linux-containers.
>
>Any information or links are highly appreciated,
>Ingo Baab
>___
>[1] 
>https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/