On 06/01/2014 05:13 PM, Daniel Baumann wrote:
> On 06/02/2014 12:06 AM, John Goerzen wrote:
>> Everything I have read says one must use either AppArmor or user
>> namespaces to make it secure.
>
> or, like i said, you can r/o mount certain pseudo-fs and drop a bunch of
> capabilities, like lxc-deb

On 06/02/2014 12:06 AM, John Goerzen wrote:
> Everything I have read says one must use either AppArmor or user
> namespaces to make it secure.
or, like i said, you can r/o mount certain pseudo-fs and drop a bunch of
capabilities, like lxc-debconfig in lxc-stuff does by default (and
lxc-debian in d

On 06/01/2014 04:43 PM, Daniel Baumann wrote:
> On 06/01/2014 10:27 PM, John Goerzen wrote:
>> Here are some links that describe AppArmor and why it's important to LXC:
> i'm aware that lxc can use apparmor, but as said previously, it is not
> required to make a container secure.
Everything I hav

On 06/01/2014 10:27 PM, John Goerzen wrote:
> Here are some links that describe AppArmor and why it's important to LXC:
i'm aware that lxc can use apparmor, but as said previously, it is not
required to make a container secure.
> http://blog.bofh.it/debian/id_413 is an exploit that is usable to
>

Daniel et al,
Here are some links that describe AppArmor and why it's important to LXC:
https://www.stgraber.org/2014/01/01/lxc-1-0-security-features/
http://blog.bofh.it/debian/id_413 is an exploit that is usable to
compromise the host's root on any LXC container that doesn't use app
armor or u