[Bug 645625] Re: lxc container can power-off host machine

Serge Hallyn 645625 at bugs.launchpad.net
Fri Mar 23 16:11:42 UTC 2012


Quoting maxadamo (645625 at bugs.launchpad.net):
> don't want to argue, but may I ask why you decided to tag the urgency of this issue as "low"?

Because of the many ways that root in a container can mess with a host,
this is only one.

> One can stop 30 containers and the host machine, by
> issuing a simple command on one of the containers and you say urgency is just
> "low"? Wasn't it at least "medium", if not "high"?

No, because for 12.04 our goal is only to prevent accidental abuses of
the host by a container.  There is no way we can claim to prevent
actual mischief.

Put another way, if this would be a high priority item for your use
case, then lxc is not yet right for your use case.  Note that work
toward a user namespace, which will help achieve that goal, is heavily
under way.

Nevertheless, note that it is fix released.  With the current apparmor
policy in 12.04, you should not be able to reboot through
/proc/sysrq-trigger.

https://bugs.launchpad.net/bugs/645625