Hi,

On Tue, Jul 08, 2014 at 05:30:48PM +0100, Ben Hutchings wrote:
> On Tue, 2014-07-08 at 16:33 +0200, Łukasz Stelmach wrote:
> > Package: src:linux
> > Version: 3.2.60-1+deb7u1
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > tl;dr: init in a container (PID namespace) can call reboot(2) and
> > shut down the host machine.
>
> Yes, and you need real user namespaces (as introduced in Linux 3.7) to
> prevent this.
>
> > Please refer to [1] for a detailed description of symptoms.
> >
> > After some investigation and thanks to help received from systemd
> > developers I can tell the problems can be solved by applying [2] to the
> > kernel. The patch is relatively old, it has been released only three
> > months after 3.2.0 so I hope applying it wouldn't be a problem.
> [...]
>
> This change seems to make containers work better, but it does not
> improve security. I'm not sure whether this is sufficient justification
> for a stable update. Please can you ask the stable release team
> (debian-rele...@lists.debian.org) to consider this.
I'm still inclined to close this bug now, would you agree?

Regards,
Salvatore