[libvirt] [PATCH v2] Add some notes about security considerations when using LXC
Eric Blake
eblake at redhat.com
Thu Sep 12 02:20:04 UTC 2013
On 09/11/2013 04:56 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> Describe some of the issues to be aware of when configuring LXC
> guests with security isolation as a goal.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> docs/drvlxc.html.in | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 103 insertions(+)
>
> +
> +<p>
> +Sharing the host filesystem tree, also allows applications to access
> +UNIX domains sockets associated with the host OS, which are in the
> +filesystem namespaces. It should be noted that a number of init
> +systems including at least <code>systemd</code> and <code>upstart</code>
> +have UNIX domain socket which are used to control their operation.
> +Thus, if the directory/filesystem holding their UNIX domain socket is
> +exposed to the container, it will be possible for a user in the container
> +to invoke operations on the init service in the same way it could if
> +outside the container. This also applies to other applications in the
> +host which use UNIX domain sockets in the filesystem, such as DBus,
> +Libvirtd, and many more. If this is not desired, then applications
> +should either specify the UID/GID mapping in the configuration to
> +enable user namespaces & thus block access to the UNIX domain socket
s/&/and/
ACK.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130911/f9906e9f/attachment-0001.sig>
More information about the libvir-list
mailing list