Thanks for the suggestion, Soren. This was just mentioned in irc as
well. As there is no pretense of security against root in the container
right now, this isn't particularly important, so I'll send a patch
upstream, but we may just wait for upstream to take the patch. If we
are able to start using user namespaces for p, then it'll be moot since
module insertion checks are targeted at the initial user namespace.
Libvirt does it by default, but as with devices cgroup entries, offers
no flexibility about it.
** Changed in: lxc (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/850687
Title:
Should disable cap_module by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/850687/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
