[Bug 1244635] Re: setuid executables in a container may compromise security on the host
Stéphane Graber
stgraber at stgraber.org
Sat Oct 26 17:13:13 UTC 2013
For those users, getting back to the old way would be a chmod away and I
asked Serge to make sure permissions would only be changed once and not
with every update, so it should be a one-time thing.

As for security, while we don't currently say LXC is secure on Ubuntu,
we're not aware of any way to escape a default container (Ubuntu on
Ubuntu) starting with 12.04 when running with all default settings
(specifically, under apparmor). If you know of a way to do so, I'd love
to hear about it so we can adapt our apparmor profile to prevent it.
--
https://bugs.launchpad.net/bugs/1244635