Public bug reported:
If lxc-execute is passed a non-existent container name, then the command
given is run in the current namespace.
I believe it should failed with a "container not found" error, as
otherwise it can lead to unexpected consequences in the host
environment.
example:
# lxc-ls
files foreman ns01 proxy
## Example typo on the -n option
# lxc-execute -n ns1 -- touch /tmp/ns01
# ls -l /tmp/ns01
-rw-r--r-- 1 root root 0 Apr 6 16:07 /tmp/ns01
## Command ran outside of container!
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.10
DISTRIB_CODENAME=yakkety
DISTRIB_DESCRIPTION="Ubuntu 16.10"
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1680330
Title:
lxc-execute can run commands in current namespace
Status in lxc package in Ubuntu:
New
Bug description:
If lxc-execute is passed a non-existent container name, then the
command given is run in the current namespace.
I believe it should failed with a "container not found" error, as
otherwise it can lead to unexpected consequences in the host
environment.
example:
# lxc-ls
files foreman ns01 proxy
## Example typo on the -n option
# lxc-execute -n ns1 -- touch /tmp/ns01
# ls -l /tmp/ns01
-rw-r--r-- 1 root root 0 Apr 6 16:07 /tmp/ns01
## Command ran outside of container!
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.10
DISTRIB_CODENAME=yakkety
DISTRIB_DESCRIPTION="Ubuntu 16.10"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1680330/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
