Quoting Christoph Mitasch (cmita...@thomas-krenn.com):
> Hello,
>
> we recently discovered that a container was able to modify the hardware clock
> of a server.
>
> When checking the lxc configuration I found out that rwm access to /dev/rtc
> was granted.
>
> Unfortunately most lxc templates allow write access per default.
> http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=tree;f=templates
>
> This was already discussed a few years ago:
> http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00718.html
>
> I would recommend to modify access to /dev/rtc in the templates.
> Or are there any caveats to do so?

Thanks for the reminder. I can't think of any. If no one else speaks up by
tomorrow, I'll update the templates to make it 'rm'.

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
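
An added example, not part of the original thread and not LXC project code: a Python audit that finds `lxc.cgroup.devices.allow` rules letting a container write to the rtc device and rewrites explicit ones to 'rm', the change proposed in the reply. The device number 254:0, the sample config and the names `audit` and `RTC_DEV` are assumptions made for this illustration.

```python
import re

# Assumption: /dev/rtc is char device 254:0 here. The major is allocated
# dynamically, so on a real host take it from os.stat("/dev/rtc0").st_rdev.
RTC_DEV = (254, 0)

# Constructed sample config for the demonstration, not a real template.
SAMPLE_CONFIG = """\
lxc.utsname = web01
lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# pts
lxc.cgroup.devices.allow = c 136:* rwm
"""

# Groups: 1 = rule up to the access field, 3 = major, 4 = minor, 5 = access.
ALLOW_RE = re.compile(
    r"^(\s*lxc\.cgroup\.devices\.allow\s*=\s*([ac])\s+(\*|\d+):(\*|\d+)\s+)([rwm]+)\s*$")


def _covers(field, number):
    """A major or minor field matches if it is '*' or the same number."""
    return field == "*" or int(field) == number


def audit(config_text, rtc_dev=RTC_DEV):
    """Return ([(line_no, rule, rewritten)], hardened_text) for writable rtc rules."""
    findings, out = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ALLOW_RE.match(line)
        if (m and "w" in m.group(5) and _covers(m.group(3), rtc_dev[0])
                and _covers(m.group(4), rtc_dev[1])):
            explicit = "*" not in (m.group(3), m.group(4))
            findings.append((lineno, line.strip(), explicit))
            if explicit:
                # Drop only the write bit; wildcard rules are left for manual review.
                line = m.group(1) + m.group(5).replace("w", "")
        out.append(line)
    return findings, "\n".join(out) + "\n"


if __name__ == "__main__":
    findings, hardened = audit(SAMPLE_CONFIG)
    for lineno, rule, rewritten in findings:
        print(f"line {lineno}: write access to rtc ({rule}), rewritten={rewritten}")
    print(hardened, end="")
```

Wildcard rules such as `c *:* rwm` are reported but not rewritten, because narrowing them would change access to every other device they cover.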