[lxc-users] Unprivileged LXC - proc:mixed vs. proc:rw
Christian Brauner
christian at brauner.io
Wed May 23 17:09:48 UTC 2018
On Wed, May 23, 2018 at 06:13:02PM +0200, Dr. Todor Dimitrov wrote:
> Hallo,
>
> is there any security benefit of using proc:mixed inside an unprivileged container? Or does proc:rw deliver the same level of isolation?
There's no security benefit for unprivileged containers. They can't
change /proc/sys and /proc/sysrq-trigger. If they can and the file isn't
namespaced it's a bug.
Christian
>
> lxc.mount.auto = proc:mixed
>
> vs.
>
> lxc.mount.auto = proc:rw
>
> Thanks in advance,
> Todor
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list