Patrick/Oliver, Thanks for the quick response. As a security guy I hate it when folks post weaknesses without providing (or taking the time to investigate) workarounds.
And there seems to be a lot of FUD out there on the blogs regarding OpenVZ vs. LXC. :( - mdf On Sun, Jul 31, 2011 at 10:58 AM, root <r...@srvweb.net.caen> wrote: > On Sat, Jul 30, 2011 at 09:10:33PM -0400, Matthew Franz wrote: >> Had seen some previous discussions before, but are there any ways to >> mitigate this design vulnerability? >> >> http://blog.bofh.it/debian/id_413 >> >> Are there any workarounds? >> >> Thanks, >> >> - mdf >> >> -- >> -- >> Matthew Franz >> mdfr...@gmail.com >> >> ------------------------------------------------------------------------------ >> Got Input? Slashdot Needs You. >> Take our quick survey online. Come on, we don't ask for help often. >> Plus, you'll get a chance to win $100 to spend on ThinkGeek. >> http://p.sf.net/sfu/slashdot-survey >> _______________________________________________ >> Lxc-users mailing list >> Lxc-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/lxc-users >> > > Hello, > > If you modify the container's config file like this: > > lxc.mount.entry=sysfs /usr/local/var/lib/lxc/lxc6/rootfs/sys sysfs > ro,defaults 0 0 > > you can't write to /sys. > > Patrick > > -- -- Matthew Franz mdfr...@gmail.com ------------------------------------------------------------------------------ Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users