Quoting maxadamo ([email protected]): > don't want to argue, but may I ask why you decided to tag the urgency of this > issue as "low"?
Because of the many ways that root in a container can mess with a host, this is only one. > One can stop 30 containers and the host machine and the host machine, by > issuing a simple command on one of the containers and you say urgency is just > "low"? Wasn't it at least "medium", if not "high"? No, because for 12.04 our goal is only to prevent accidental abuses of the host by a container. There is no way we can claim to prevent actual mischief. Put another way, if this would be a high priority item for your use case, then lxc is not yet right for your use case. Note that work toward a user namespace, which will help achieve that goal, is heavily under way. Nevertheless, note that it is fix released. With the current apparmor policy in 12.04, you should not be able to reboot through /proc/sysrq-trigger. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/645625 Title: lxc container can power-off host machine To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/645625/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
