Last year I've read many times, that LXC have some outstanding security
issues, and are the encapsulation is not tight enough to prevent
hijacking the host, when the guest is compromised. But I never managed
to find out, how exactly does one escape the LXC container.
I'm using the LXC containers as a holders for virtual computers (just as
advertized in https://help.ubuntu.com/12.04/serverguide/lxc.html) in
hope, that this will make another line of defense against hackers anyway.
Recently the host got hacked (Ubuntu 12.04 precise with kernel 3.8.2) ,
and I have renewed suspicions about the impenetrability of LXC.
I wonder what is the state of affairs now. How does one implement
virtual computers inside LXC containers, so root on a guest cannot get
root rights on host?
Adam Ryczkowski
+48505919892 <callto:+48505919892>
Skype:sisteczko <skype:sisteczko>
------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users