On 2013/7/3 11:23, Serge Hallyn wrote:
> Quoting Serge Hallyn (serge.hal...@ubuntu.com):
>> The lxc configuration file currently supports 'lxc.cap.drop', a list of
>> capabilities to be dropped (using the bounding set) from the container.
>> The problem with this is that over time new capabilities are added. So
>> an older container configuration file may, over time, become insecure.
>>
>> Walter has in the past suggested replacing lxc.cap.drop with
>> lxc.cap.preserve, which would have the inverse sense - any capabilities
>> in that set would be kept, any others would be dropped.
>>
>> Realistically both have the same problem - the sendmail capabilities
>> bug proved that running code with unexpectedly dropped privilege can be
>> dangerous. This patch gives the admin a choice: You can use either
>> lxc.cap.keep or lxc.cap.drop, not both.
What if someone uses them both? I don't see too much help from this patch, and this introduces some confusion :(

>> Both continue to be ignored if a user namespace is in use.
>
> Does anyone have any comments on this patch?
>
> I still have to decide whether, if no one replies, I'll drop it or push
> it.

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
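An added example (not code from this thread or from LXC itself) that models the two config semantics the patch chooses between, the "not both" rule, and why a deny list (lxc.cap.drop) silently keeps a capability the kernel grows later while an allow list (lxc.cap.keep) does not. The capability sets are constructed stand-ins for the kernel's real list, and the config parsing is a simplified stand-in for LXC's own parser.

```python
import re
from typing import Dict, Set

# Constructed stand-ins for the kernel's capability list at two points in
# time (real capability names, but a deliberately small subset).
CAPS_OLD_KERNEL = {"chown", "net_admin", "sys_admin", "sys_module", "mac_admin"}
CAPS_NEW_KERNEL = CAPS_OLD_KERNEL | {"wake_alarm"}  # capability added later

_CAP_LINE = re.compile(r"^(lxc\.cap\.(?:drop|keep))\s*=\s*(.*)$")


def parse_cap_config(text: str) -> Dict[str, Set[str]]:
    """Collect lxc.cap.drop / lxc.cap.keep values from an lxc config text.

    Raises ValueError if both keys are present, which is the rule the
    patch under discussion introduces.
    """
    found: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _CAP_LINE.match(line)
        if m:
            found.setdefault(m.group(1), set()).update(m.group(2).split())
    if "lxc.cap.drop" in found and "lxc.cap.keep" in found:
        raise ValueError("lxc.cap.drop and lxc.cap.keep are mutually exclusive")
    return found


def bounding_set(cfg: Dict[str, Set[str]], kernel_caps: Set[str],
                 user_ns: bool = False) -> Set[str]:
    """Capabilities left in the container's bounding set for a given kernel.

    With a user namespace both settings are ignored (as the thread notes),
    so the set is returned unchanged.
    """
    if user_ns:
        return set(kernel_caps)
    if "lxc.cap.keep" in cfg:
        # allow list: anything the config does not name is dropped
        return kernel_caps & cfg["lxc.cap.keep"]
    # deny list: anything the config does not name is kept
    return kernel_caps - cfg.get("lxc.cap.drop", set())


def newly_retained(cfg: Dict[str, Set[str]]) -> Set[str]:
    """Capabilities an old config unexpectedly keeps after a kernel upgrade."""
    return bounding_set(cfg, CAPS_NEW_KERNEL) - bounding_set(cfg, CAPS_OLD_KERNEL)
```

For the drop-style config `newly_retained` returns `{"wake_alarm"}`, which is exactly the "older config becomes insecure over time" case described in the patch; for the keep-style config it is empty.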