Hello, we recently discovered that a container was able to modify the hardware clock of a server.
When checking the lxc configuration I found out that rwm access to /dev/rtc was granted. Unfortunately most lxc templates allow write access by default.
http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=tree;f=templates

This was already discussed a few years ago:
http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00718.html

I would recommend modifying access to /dev/rtc in the templates. Or are there any caveats to doing so?

Christoph
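An added example, not part of the original message and not LXC project code: a small audit that replays the `lxc.cgroup.devices.allow`/`deny` lines of a container config and reports whether write access to the RTC character device ends up granted. The sample config, the sample `/proc/devices` text, the major number 254 and the function names are constructed for illustration, and the rule replay is a simplified model of the devices cgroup.

```python
import re

# Constructed sample: device rules in the style of an LXC template.
# 254 is an assumed major; the real one is listed as "rtc" in /proc/devices.
SAMPLE_CONFIG = """\
lxc.utsname = web01
lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
"""
SAMPLE_PROC_DEVICES = "Character devices:\n  1 mem\n254 rtc\n\nBlock devices:\n254 mdp\n"

RULE = re.compile(
    r"^\s*lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(\S+)(?:\s+(\S+):(\S+)\s+([rwm]+))?\s*$"
)

def rtc_major(proc_devices):
    """Return the char major registered as 'rtc' in /proc/devices text, or None."""
    in_char = False
    for line in proc_devices.splitlines():
        if line.endswith("devices:"):
            in_char = line.startswith("Character")
            continue
        fields = line.split()
        if in_char and len(fields) == 2 and fields[1] == "rtc":
            return int(fields[0])
    return None

def effective_access(config, major, minor=0):
    """Replay rules in order; return (permissions, line number that granted 'w')."""
    perms, granted_at = set("rwm"), None  # assumption: nothing is denied before the first rule
    for lineno, line in enumerate(config.splitlines(), 1):
        m = RULE.match(line)
        if not m or m.group(2) not in ("a", "c"):
            continue
        action, dtype, maj, mnr, acc = m.groups()
        if dtype == "c" and (maj not in ("*", str(major))
                             or mnr not in ("*", str(minor))):
            continue
        acc = set(acc or "rwm")  # a bare "a" covers every device and every access type
        if action == "allow":
            perms |= acc
        else:
            perms -= acc
        if "w" in acc:
            granted_at = lineno if action == "allow" else None
    return perms, granted_at
```

Setting the RTC also requires CAP_SYS_TIME in the kernel's RTC driver, so a container's `lxc.cap.drop` line is worth reviewing alongside the device rules.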