Last year I've read many times, that LXC have some outstanding security issues, and are the encapsulation is not tight enough to prevent hijacking the host, when the guest is compromised. But I never managed to find out, how exactly does one escape the LXC container.

I'm using the LXC containers as a holders for virtual computers (just as advertized in https://help.ubuntu.com/12.04/serverguide/lxc.html) in hope, that this will make another line of defense against hackers anyway.

Recently the host got hacked (Ubuntu 12.04 precise with kernel 3.8.2) , and I have renewed suspicions about the impenetrability of LXC.

I wonder what is the state of affairs now. How does one implement virtual computers inside LXC containers, so root on a guest cannot get root rights on host?

Adam Ryczkowski
+48505919892 <callto:+48505919892>
Skype:sisteczko <skype:sisteczko>

------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most 
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Reply via email to