The users could manually setns. Without limiting their kernel you canno stop them from entering.
Quoting Claudio Cesar Sanchez Tejeda ([email protected]): > The idea is to distribute an application and I don't want that the > users that have root access to their servers could change anything on > the configuration files or in the container. > > Regards. > > On Tue, Jan 6, 2015 at 4:20 PM, BB <[email protected]> wrote: > > Hi, > > > > maybe there is some application scenario that you have in mind but I would > > "re-think" the requirement because > > - You need root/sudo privileges to enter the container with lxc-attach > > - If you don't trust root or other users with sudo privileges on the system > > you have much bigger problem > > > > Regards, > > > > BB > > > > On Tue, Jan 6, 2015 at 8:15 PM, Claudio Cesar Sanchez Tejeda > > <[email protected]> wrote: > >> > >> Hi, > >> > >> Does someone know how I can disable the lxc-attach command / > >> functionality? > >> > >> I wan't to create a complete isolated LXC container, and I don't want > >> that someone could start processes or enter to the container using a > >> shell (or run commands). > >> > >> Regards. > >> _______________________________________________ > >> lxc-users mailing list > >> [email protected] > >> http://lists.linuxcontainers.org/listinfo/lxc-users > > > > > > > > _______________________________________________ > > lxc-users mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-users > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
