On 06/01/2014 10:27 PM, John Goerzen wrote:
> Here are some links that describe AppArmor and why it's important to LXC:

I'm aware that LXC can use AppArmor, but as said previously, it is not
required to make a container secure.

> http://blog.bofh.it/debian/id_413 is an exploit that is usable to
> compromise the host's root on any LXC container that doesn't use
> AppArmor or user namespaces

(ftr: or, as explained, mount sysfs read-only)

-- 
Address:        Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:          daniel.baum...@progress-technologies.net
Internet:       http://people.progress-technologies.net/~daniel.baumann/

