Comment 11 for bug 1244635

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1244635] Re: setuid executables in a container may compromise security on the host

Quoting Seth Arnold (<email address hidden>):
> Serge, what does " After this version, respect the user's choice." mean?

It means if the user manually chmods /var/lib/lxc to 755, we don't
change it again after this. (Except, see below)

> Does this mean someone upgrading from e.g. 12.04.3 lxc packages to 14.04
> lxc packages -- skipping this update -- would have the 'unsafe'
> permissions?
>
> Or will this check be carried before to e.g. 14.04 lxc packages and only
> execute once, allowing an administrator to undo the change?

The test for package version will be kept until at least after
14.04. Since the trusty lxc version checks for the
1.0.0~alpha2-0ubuntu5 version, an lts-to-lts upgrade will get
this check. Which sort of belies my statement that user
choices will be respected.