[lxc-users] LVM backend: Need to wipe blocks?

Linus Lüssing linus.luessing at c0d3.blue
Sat Feb 10 14:56:14 UTC 2018


On Thu, Feb 08, 2018 at 09:13:26PM +0100, Linus Lüssing wrote:
> 2) Any file created within the container will always contain data
> created from within this container only? Say, the (mapped, inner)
> root user will not be able to create a file which will then
> suddenly contain data which was used in another, but now deleted
> container or LVM volume?

For this point I played a bit with the commands fallocate and
truncate from within the container now. It seems that indeed even
files that were created in a sparse way, so without allocating
and filling blocks with specific data, will return zeroes upon
read operations with ext4.

According to the manpage of fallocate this seems to be a
property of ext4. And I wasn't able to do a
"mount -o remount,ro /", so I guess there is luckily no way for
the inner root user to change such/any behaviour of the ext4 root
filesystem, right?


If that's so and if LVM itself has no inherent zeroing mechanism
then that's actually a huge plus for LXC/LXD compared to KVM
security-wise, I guess?

Regards, Linus
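The check described in the post (sparse and preallocated files reading back as zeroes on ext4), as an added example that is not part of the original mail. It uses Python's `os.posix_fallocate` in place of the `fallocate` command and a `truncate()` call in place of the `truncate` command, writes into a throwaway temporary directory (assumed to be on the container's root filesystem when run from inside the container), and also reports how many blocks the filesystem actually allocated so you can see that no data was written:

```python
import os
import tempfile


def make_sparse_file(path, size):
    """Create a `size`-byte file without allocating data blocks (like `truncate -s`)."""
    with open(path, "wb") as f:
        f.truncate(size)


def make_preallocated_file(path, size):
    """Preallocate `size` bytes without writing them (like `fallocate -l`).

    Returns False when the filesystem or platform does not support it,
    e.g. overlayfs or a non-Linux host (assumption: any OSError means unsupported).
    """
    with open(path, "wb") as f:
        try:
            os.posix_fallocate(f.fileno(), 0, size)
        except (OSError, AttributeError):
            return False
    return True


def reads_all_zeros(path, chunk=1 << 16):
    """Read the whole file and confirm every byte is 0x00 (no stale data exposed)."""
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                return True
            if buf.count(0) != len(buf):
                return False


def allocated_bytes(path):
    """Bytes actually backed by blocks; st_blocks is always in 512-byte units."""
    return os.stat(path).st_blocks * 512


def check_unwritten_regions(size=4 * 1024 * 1024):
    """Run both experiments in a temporary directory and return the observations."""
    results = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        sparse = os.path.join(tmpdir, "sparse.img")  # constructed test file
        make_sparse_file(sparse, size)
        results["sparse_zero"] = reads_all_zeros(sparse)
        results["sparse_allocated"] = allocated_bytes(sparse)

        prealloc = os.path.join(tmpdir, "prealloc.img")  # constructed test file
        if make_preallocated_file(prealloc, size):
            # Blocks are reserved (allocated bytes is roughly `size`) but are
            # marked "unwritten", so the kernel must return zeroes for them.
            results["prealloc_zero"] = reads_all_zeros(prealloc)
            results["prealloc_allocated"] = allocated_bytes(prealloc)
        else:
            results["prealloc_zero"] = None
            results["prealloc_allocated"] = None
    return results


if __name__ == "__main__":
    for key, value in check_unwritten_regions().items():
        print(f"{key}: {value}")
```

A sparse file should show almost no allocated bytes and read as zeroes; a preallocated one should show the full size allocated and still read as zeroes. If `reads_all_zeros` ever returned False, the filesystem would be handing out stale block contents, which is exactly the cross-tenant leak the post is asking about.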
