> I also don't feel that this is a high priority bug since, so far, we
> do not recommend allowing unprivileged users to use containers.

Agreed. Especially because (currently) it's fairly easy to escape from
LXC when you have root access to the container.

> I don't believe it would be a serious loss of functionality to chmod 0700 
> /var/lib/lxc.
> ...
> So I think a regular update in trusty with SRUs to all previous releases is 
> ok.

I've used this functionality many times in the past. While I can do
without it in exchange for security, some people may have written
scripts that depend on this functionality, hence an SRU would be nasty
for them.

My personal opinion is: LXC is insecure and it does not deserve
potentially dangerous security updates in stable releases.

-- 
https://bugs.launchpad.net/bugs/1244635

Title:
  setuid executables in a container may compromise security on the host
