On 10/05/2010 12:34 PM, richard -rw- weinberger wrote: [ cut ]
>>> IMHO CAP_SYS_ADMIN is a no-go.
>>> A jailed root would be able to mount the cgroup filesystem -> game over.
>>>
>>
>> Yep. The cgroup can be remounted in the container but you can prevent the
>> access to the directory with SMACK or SELinux. There is a good document
>> explaining how to do that.
>>
>> http://www.ibm.com/developerworks/linux/library/l-lxc-security/
>>
> Yeah, but there are more problems. For example on my test system /lxc
> is a separate filesystem. With CAP_SYS_ADMIN an evil guy could do "ln
> -s /proc/mounts /etc/mtab ; mount / -o remount,ro" and all other lxc
> instances are unusable...
>

Well, I still don't get the behavior of the 'remount' option wrt the mount
namespace, this is something I definitely have to ask about ... :)

But you are right, we should prevent that. I think this case is covered by
the user namespace (when finished).

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
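The thread's point is that a container whose root still holds CAP_SYS_ADMIN can mount and remount at will, so the practical check on the host side is whether the capability was actually dropped from the container's init. The script below is an added example written for this page, not code from the thread or from the LXC project: it parses the `CapEff` line in the `/proc/<pid>/status` format (CAP_SYS_ADMIN is capability number 21) and reports whether the process still has it. The two status excerpts are constructed sample data; the `lxc.cap.drop` config key mentioned in the comment is assumed to be available in the reader's LXC version.

```shell
#!/bin/sh
# Added example: detect whether a process (e.g. a container's init) still has
# CAP_SYS_ADMIN in its effective capability set, using the hex masks that the
# kernel prints in /proc/<pid>/status. CAP_SYS_ADMIN is capability number 21.

CAP_SYS_ADMIN=21

# has_cap MASK CAPNUM -> exit 0 if bit CAPNUM is set in the hex MASK
has_cap() {
    mask=${1#0x}          # /proc prints bare hex digits; tolerate a 0x prefix
    capnum=$2
    [ $(( (0x$mask >> $capnum) & 1 )) -eq 1 ]
}

# cap_eff_from_status STATUSTEXT -> print the CapEff mask from status text
cap_eff_from_status() {
    printf '%s\n' "$1" | awk '/^CapEff:/ { print $2 }'
}

# container_init_lacks_sys_admin STATUSTEXT -> exit 0 if CAP_SYS_ADMIN is NOT
# effective (the state a jailed root should be in), exit 1 if it still is
container_init_lacks_sys_admin() {
    mask=$(cap_eff_from_status "$1")
    [ -n "$mask" ] || return 1          # no CapEff line: treat as a failure
    ! has_cap "$mask" "$CAP_SYS_ADMIN"
}

# Constructed sample: full root capability set of a 2010-era kernel (bits 0-37).
SAMPLE_FULL_ROOT='Name: init
Pid: 1
CapInh: 0000000000000000
CapPrm: 0000003fffffffff
CapEff: 0000003fffffffff
CapBnd: 0000003fffffffff'

# Constructed sample: same set with bit 21 (CAP_SYS_ADMIN) cleared, which is
# what a container started with "lxc.cap.drop = sys_admin" (assumed config
# key) should show.
SAMPLE_DROPPED='Name: init
Pid: 1
CapInh: 0000000000000000
CapPrm: 0000003fffdfffff
CapEff: 0000003fffdfffff
CapBnd: 0000003fffdfffff'

# Stand-alone demo; on a real host run it against "$(cat /proc/<pid>/status)"
# for each container init PID instead of the samples.
if [ "${1:-}" = "--demo" ]; then
    for name in SAMPLE_FULL_ROOT SAMPLE_DROPPED; do
        eval "status=\$$name"
        if container_init_lacks_sys_admin "$status"; then
            echo "$name: CAP_SYS_ADMIN dropped"
        else
            echo "$name: CAP_SYS_ADMIN still effective"
        fi
    done
fi
```

Run it as `sh check_sys_admin.sh --demo` to see both samples classified; the bit test uses plain POSIX shell arithmetic, so it works in dash as well as bash and needs no `capsh` on the host.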