For the deb we won't be changing the logic at this point and it's in
line with what's done for libvirt, changing behavior at this point would
cause more harm than good.
For the snap, we don't auto-add users and as mentioned earlier, have
updated our various documentations (those we maintain anyway) to be
clearer about the privileges granted to those with access to the API
(and mentioning RBAC for those wanting a safer option).
** Changed in: lxd (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1829071
Title:
Privilege escalation via LXD (local root exploit)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
