[lxc-users] Unprivileged LXC - proc:mixed vs. proc:rw

Christian Brauner christian at brauner.io
Wed May 23 17:09:48 UTC 2018


On Wed, May 23, 2018 at 06:13:02PM +0200, Dr. Todor Dimitrov wrote:
> Hello,
> 
> is there any security benefit of using proc:mixed inside an unprivileged container? Or does proc:rw deliver the same level of isolation?

There's no security benefit for unprivileged containers. They can't
change /proc/sys and /proc/sysrq-trigger. If they can and the file isn't
namespaced it's a bug.

Christian

> 
> lxc.mount.auto = proc:mixed
> 
> vs.
> 
> lxc.mount.auto = proc:rw
> 
> Thanks in advance,
> Todor
> 



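A way to see which of the two settings is in effect and to run the check the reply implies, as an added example that is not part of the original thread. The function names are hypothetical, /proc/sys/kernel/sysrq is a probe path chosen here as a non-namespaced sysctl, and the identity uid_map "0 0 4294967295" is taken to mean the initial user namespace.

```shell
#!/bin/sh
# Added example; run inside the container as: sh thisfile audit
# It only reads procfs metadata and calls access(2) via `[ -w ]`; nothing is written.

# Succeeds when uid_map is not the identity map of the initial user namespace
# ("0 0 4294967295"), i.e. the caller runs in a user namespace (unprivileged).
in_userns() {
    awk '$1 == 0 && $2 == 0 && $3 == 4294967295 { init = 1 }
         END { exit init ? 1 : 0 }' "${1:-/proc/self/uid_map}"
}

# Prints ro, rw or none for the last mount stacked on mount point $1, read
# from a mountinfo file (field 5 = mount point, field 6 = per-mount options).
mount_state() {
    awk -v mp="$1" '$5 == mp { s = ($6 ~ /(^|,)ro(,|$)/) ? "ro" : "rw" }
         END { print (s == "" ? "none" : s) }' "${2:-/proc/self/mountinfo}"
}

# proc:mixed remounts /proc/sys and /proc/sysrq-trigger read-only;
# proc:rw leaves /proc read-write without those remounts.
proc_mode() {
    if [ "$(mount_state /proc/sys "$1")" = ro ] &&
       [ "$(mount_state /proc/sysrq-trigger "$1")" = ro ]; then
        echo mixed
    else
        echo rw
    fi
}

# Reports the mode and whether the two probe paths are writable. Per the reply
# above, a writable non-namespaced file in an unprivileged container is a bug.
audit() {
    in_userns && ns=yes || ns=no
    echo "user namespace: $ns, proc mode: $(proc_mode)"
    for p in /proc/sysrq-trigger /proc/sys/kernel/sysrq; do
        if [ -w "$p" ]; then w=writable; else w=not-writable; fi
        echo "$p: $w"
        [ "$ns" = yes ] && [ "$w" = writable ] &&
            echo "  -> writable inside a user namespace: report it"
    done
    return 0
}

if [ "${1:-}" = audit ]; then audit; fi
```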


