-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/22/2011 07:42 PM, Josh Triplett wrote:
> The systemd-nspawn manpage lists the various mechanisms used to isolate
> the container, and then says "Note that even though these security
> precautions are taken systemd-nspawn is not suitable for secure
> container setups. Many of the security features may be circumvented and
> are hence primarily useful to avoid accidental changes to the host
> system from the container."
>
> How can a process in a systemd-nspawn container circumvent the container
> setup? What additional steps would systemd-nspawn need to take to
> provide a secure container setup?
>
> - Josh Triplett
> _______________________________________________
> systemd-devel mailing list
> systemd-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel

SELinux would be a good start.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk21bFcACgkQrlYvE4MpobNwJwCeO7xqfUTykQGDQsiJj3oAYD/4
4bIAoNJucumKU17lquo/insid7cYwCg9
=H8IP
-----END PGP SIGNATURE-----
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel