On Wednesday 06 April 2011 16:08:18 Rob Landley wrote:
> On 04/06/2011 05:43 AM, Daniel Lezcano wrote:
> > On 03/22/2011 10:20 AM, Nathan McSween wrote:
> >> Can I get a quick rundown of what is implemented w.r.t UID/GID
> >> containerization, is it safe yet to give containerized root to an
> >> everyday user without huge security issues?
> >
> > Nope, it is not secure at all for a root user inside the container.
>
> Any idea what's missing?

A root user can chroot out of the chrooted directory.

There were reports that /proc is not fully virtualized and changing some values there changes the values on the host machine and for all other containers.

A root user can create devices and access devices that should not be accessed by this container. Controlling every device with control groups is not so easy.

Marian

> Rob
>
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel

--
Best regards,
Marian Marinov
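An added example, not part of the original message or of LXC's own code: chroot(2) requires CAP_SYS_CHROOT and creating device nodes with mknod(2) requires CAP_MKNOD, so one way to audit a container for two of the issues listed above is to read the capability masks in `/proc/<pid>/status` of its init process. The status excerpts are constructed samples, and the function names are hypothetical.

```python
"""Audit /proc/<pid>/status capability masks for CAP_SYS_CHROOT and CAP_MKNOD."""

# Bit numbers from <linux/capability.h>.
RISKY_CAPS = {
    "CAP_SYS_CHROOT": 18,  # required to call chroot(2)
    "CAP_MKNOD": 27,       # required to create device nodes with mknod(2)
}
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd")

# Constructed samples (not captured from a real system): status excerpts for
# a container's init process, first with full root, then with both
# capabilities removed from the permitted, effective and bounding sets.
SAMPLE_FULL_ROOT = (
    "Name:\tinit\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\tffffffffffffffff\n"
    "CapEff:\tffffffffffffffff\nCapBnd:\tffffffffffffffff\n"
)
SAMPLE_DROPPED = (
    "Name:\tinit\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\tfffffffff7fbffff\n"
    "CapEff:\tfffffffff7fbffff\nCapBnd:\tfffffffff7fbffff\n"
)


def parse_cap_sets(status_text):
    """Return {field: int mask} for the Cap* lines of a status file."""
    sets = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in CAP_FIELDS:
            sets[key] = int(value.strip(), 16)
    return sets


def risky_caps(status_text, cap_set="CapBnd"):
    """List the audited capabilities that are present in the chosen set."""
    sets = parse_cap_sets(status_text)
    if cap_set not in sets:
        raise ValueError(f"{cap_set} not found in status text")
    mask = sets[cap_set]
    return sorted(n for n, bit in RISKY_CAPS.items() if mask & (1 << bit))


if __name__ == "__main__":
    for label, text in (("full root", SAMPLE_FULL_ROOT), ("dropped", SAMPLE_DROPPED)):
        print(label, risky_caps(text) or "none of the audited capabilities")
```

The default set is CapBnd because a capability missing from the bounding set cannot be regained through exec. The /proc issue and access to device nodes that already exist are not capability checks and are outside what this example covers.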