Haven't looked closely enough yet, but a few comments:
1. mount/umount make up a lot of the privileged calls, and
at some point these will hopefully be supported unprivileged
(at least for bind mounts).
2. one nice bonus of this is that we can easily spot where
priv is expected to be used
3. ins
On Thu, 2010-07-01 at 17:47 +0200, Ferenc Wagner wrote:
> Daniel Lezcano writes:
>
> > "... If you can't permanently give up the privilege, then you can at
> > least temporarily drop the privilege as often as possible. [...]
> > Many attacks only work if they trick the privileged program into d
Daniel Lezcano writes:
> "... If you can't permanently give up the privilege, then you can at
> least temporarily drop the privilege as often as possible. [...]
> Many attacks only work if they trick the privileged program into doing
> something unintended while its privileges are enabled (for e
Hi All,
The lxc tools can be run as non-root with all the needed capabilities
set by lxc-setcap via the file capabilities. The command run by lxc
won't have these privileges of course.
In the execution flow of lxc, there are two processes: the first process
of the container and its parent.
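The two points above (a privileged tool whose spawned command must not inherit its capabilities, and the quoted advice to drop a privilege whenever it is not needed) come down to manipulating the effective, permitted and bounding capability sets. The following is an added example, not lxc's code or the lxc-setcap script: it assumes Linux and uses the raw capget/capset/prctl syscalls so it needs no libcap, and it uses CAP_SYS_ADMIN as the example capability because mount(2) requires it. The function names (cap_lower, cap_raise, cap_drop_permitted, cap_bset_drop, with_cap) are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Raw capget/capset wrappers (no libcap). With version-3 data each set is
 * two 32-bit words, so capability N is word N/32, bit N%32. */
typedef struct __user_cap_header_struct cap_hdr_t;
typedef struct __user_cap_data_struct cap_data_t;

#define CAP_WORD(c) ((c) >> 5)
#define CAP_MASK(c) (1u << ((c) & 31))

static int caps_get(cap_data_t d[2])
{
    cap_hdr_t hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    memset(d, 0, 2 * sizeof(cap_data_t));
    return (int)syscall(SYS_capget, &hdr, d);
}

static int caps_set(cap_data_t d[2])
{
    cap_hdr_t hdr = { .version = _LINUX_CAPABILITY_VERSION_3, .pid = 0 };
    return (int)syscall(SYS_capset, &hdr, d);
}

/* 1 if cap is in the calling thread's effective set, 0 if not, -1 on error. */
int cap_effective_has(int cap)
{
    cap_data_t d[2];
    if (caps_get(d) < 0) return -1;
    return (d[CAP_WORD(cap)].effective & CAP_MASK(cap)) ? 1 : 0;
}

int cap_permitted_has(int cap)
{
    cap_data_t d[2];
    if (caps_get(d) < 0) return -1;
    return (d[CAP_WORD(cap)].permitted & CAP_MASK(cap)) ? 1 : 0;
}

/* Temporary drop: clear only the effective bit. Permitted keeps it, so the
 * kernel will not honour it for syscalls but cap_raise() can get it back.
 * Lowering is always allowed, so this succeeds even in an unprivileged process. */
int cap_lower(int cap)
{
    cap_data_t d[2];
    if (caps_get(d) < 0) return -1;
    d[CAP_WORD(cap)].effective &= ~CAP_MASK(cap);
    return caps_set(d);
}

/* Re-enable around a privileged call. Fails with EPERM when the capability
 * is not in the permitted set (e.g. file caps were never granted). */
int cap_raise(int cap)
{
    cap_data_t d[2];
    if (caps_get(d) < 0) return -1;
    if (!(d[CAP_WORD(cap)].permitted & CAP_MASK(cap))) { errno = EPERM; return -1; }
    d[CAP_WORD(cap)].effective |= CAP_MASK(cap);
    return caps_set(d);
}

/* Permanent drop: remove from permitted; effective and inheritable must be
 * subsets of permitted, so clear them too. After this cap_raise() cannot succeed. */
int cap_drop_permitted(int cap)
{
    cap_data_t d[2];
    if (caps_get(d) < 0) return -1;
    d[CAP_WORD(cap)].effective   &= ~CAP_MASK(cap);
    d[CAP_WORD(cap)].permitted   &= ~CAP_MASK(cap);
    d[CAP_WORD(cap)].inheritable &= ~CAP_MASK(cap);
    return caps_set(d);
}

/* Remove from the bounding set so a command exec'd later cannot regain the
 * capability even from its own file capabilities. Requires CAP_SETPCAP. */
int cap_bset_drop(int cap)
{
    return prctl(PR_CAPBSET_DROP, cap, 0, 0, 0);
}

/* The pattern from the quoted advice: privilege is effective only for the
 * duration of fn(). errno from fn() is preserved across the lower. */
int with_cap(int cap, int (*fn)(void *), void *arg)
{
    if (cap_raise(cap) < 0) return -1;
    int rc = fn(arg);
    int saved = errno;
    cap_lower(cap);
    errno = saved;
    return rc;
}

static int probe(void *arg) { (void)arg; return cap_effective_has(CAP_SYS_ADMIN); }

int main(void)
{
    printf("CAP_SYS_ADMIN: effective=%d permitted=%d\n",
           cap_effective_has(CAP_SYS_ADMIN), cap_permitted_has(CAP_SYS_ADMIN));
    printf("inside with_cap: effective=%d\n", with_cap(CAP_SYS_ADMIN, probe, NULL));
    if (cap_bset_drop(CAP_SYS_ADMIN) < 0)
        printf("bounding-set drop failed: %s (needs CAP_SETPCAP)\n", strerror(errno));
    cap_drop_permitted(CAP_SYS_ADMIN);
    printf("after permanent drop, cap_raise -> %d\n", cap_raise(CAP_SYS_ADMIN));
    return 0;
}
```

Run as an ordinary user the program reports effective=0 permitted=0, with_cap returns -1 (EPERM) and the bounding-set drop fails; run after something like `setcap cap_sys_admin,cap_setpcap=p ./prog` (an assumed invocation, not what lxc-setcap does) the capability starts permitted-but-not-effective, with_cap reports 1 inside the callback and 0 outside, and after the bounding-set and permitted drops no later code or exec'd child can get CAP_SYS_ADMIN back. Note that capset acts on the calling thread only, so in a multithreaded program each thread that makes privileged calls must do its own raise/lower.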