On Wed, 2011-04-06 at 08:08 -0500, Rob Landley wrote:
> On 04/06/2011 05:43 AM, Daniel Lezcano wrote:
> > On 03/22/2011 10:20 AM, Nathan McSween wrote:
> >> Can I get a quick rundown of what is implemented w.r.t UID/GID
> >> containerization, is it safe yet to give containerized root to an
> >> everyday user without huge security issues?
> >
> > Nope, it is not secure at all for a root user inside the container.
>
> Any idea what's missing?
>
> Rob

"echo b > /proc/sysrq-trigger" in a LXC container will force-reboot your
host :)

There are some tricks that can be used to limit that issue but LXC will
need proper isolation of /proc /sys (and others) before we can even think
of giving root access to containers.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
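
Added example, not part of the original thread and not LXC code: a small audit that reads a mount table in `/proc/<pid>/mountinfo` format and reports whether `/proc/sysrq-trigger` and the `/proc` and `/sys` trees are covered by a read-only mount. The sample table, the path list beyond `/proc/sysrq-trigger`, and all function names are assumptions made for this example.

```python
"""Report which sensitive /proc and /sys paths are read-only in a mount namespace."""
import os
from typing import NamedTuple

# /proc/sysrq-trigger is the path named in the thread; the other two are this
# example's own picks from "/proc /sys (and others)".
SENSITIVE = ["/proc/sysrq-trigger", "/proc/sys", "/sys"]

# Constructed sample in mountinfo format: sysrq-trigger has a read-only bind
# mount on top of it, the rest of /proc and /sys is still writable.
SAMPLE = """\
60 40 8:1 /var/lib/lxc/c1/rootfs / rw,relatime - ext4 /dev/sda1 rw
61 60 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
62 61 0:3 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
63 60 0:15 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
"""

class Mount(NamedTuple):
    point: str
    read_only: bool

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")  # optional fields end at " - "
        pre, post = left.split(), right.split()
        if not sep or len(pre) < 6 or not post:
            continue  # blank or malformed line
        super_opts = post[2] if len(post) > 2 else ""
        flags = set(pre[5].split(",")) | set(super_opts.split(","))
        mounts.append(Mount(pre[4], "ro" in flags))
    return mounts

def governing_mount(mounts, path):
    """Longest mount-point prefix wins; on a tie the later (stacked) mount wins.
    Simplification: a later mount that shadows a deeper one is not modelled."""
    best = None
    for m in mounts:
        if path == m.point or path.startswith(m.point.rstrip("/") + "/"):
            if best is None or len(m.point) >= len(best.point):
                best = m
    return best

def audit(text, paths=SENSITIVE):
    mounts = parse_mountinfo(text)
    return {p: bool((m := governing_mount(mounts, p)) and m.read_only) for p in paths}

if __name__ == "__main__":
    live = "/proc/self/mountinfo"
    src = open(live).read() if os.path.exists(live) else SAMPLE
    for path, ro in audit(src).items():
        print(f"{path}: {'read-only' if ro else 'WRITABLE'}")
```

A read-only result only holds while the container cannot remount the path, so it says nothing about a container whose root retains CAP_SYS_ADMIN.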