On 20/08/11 00:42, Stéphane Graber wrote:
> On 08/19/2011 03:54 PM, Ulli Horlacher wrote:
>> On Fri 2011-08-19 (15:38), Dong-In David Kang wrote:
>>
>>> We've found out that inside of an LXC instance, root can insert/remove
>>> modules of the host.
>>> Is it normal?
>>> If it is doable, an LXC ima
On 08/19/2011 03:54 PM, Ulli Horlacher wrote:
> On Fri 2011-08-19 (15:38), Dong-In David Kang wrote:
>
>> We've found out that inside of an LXC instance, root can insert/remove
>> modules of the host.
>> Is it normal?
>> If it is doable, an LXC image may corrupt the host system, which is not good
On Fri 2011-08-19 (15:38), Dong-In David Kang wrote:
> We've found out that inside of an LXC instance, root can insert/remove
> modules of the host.
> Is it normal?
> If it is doable, an LXC image may corrupt the host system, which is not good
> in terms of security.
Put:
lxc.cap.drop = sys_mo
