[Bug 850687] Re: Should disable cap_module by default

Serge Hallyn 850687 at bugs.launchpad.net
Thu Sep 15 13:04:24 UTC 2011


Thanks for the suggestion, Soren.  This was just mentioned in IRC as
well.  As there is no pretense of security against root in the container
right now, this isn't particularly important, so I'll send a patch
upstream, but we may just wait for upstream to take the patch.  If we
are able to start using user namespaces for p, then it'll be moot since
module insertion checks are targeted at the initial user namespace.

Libvirt does it by default, but as with devices cgroup entries, offers
no flexibility about it.


** Changed in: lxc (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/850687

Title:
  Should disable cap_module by default
