Comment 6 for bug 645625

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 645625] Re: lxc container can power-off host machine

Quoting maxadamo (<email address hidden>):
> don't want to argue, but may I ask why you decided to tag the urgency of this issue as "low"?

Because of the many ways that root in a container can mess with a host,
this is only one.

> One can stop 30 containers and the host machine, by
> issuing a simple command on one of the containers and you say urgency is just
> "low"? Wasn't it at least "medium", if not "high"?

No, because for 12.04 our goal is only to prevent accidental abuses of
the host by a container. There is no way we can claim to prevent
actual mischief.

Put another way, if this would be a high priority item for your use
case, then lxc is not yet right for your use case. Note that work
toward a user namespace, which will help achieve that goal, is heavily
under way.

Nevertheless, note that it is fix released. With the current apparmor
policy in 12.04, you should not be able to reboot through
/proc/sysrq-trigger.