Thanks for taking an interest and reporting this bug. You can use LSMs to mitigate this to some extent. However the real solution will be completion of the user namespace and proc filtering. Both are well-known and substantial todo items.
I am marking this Triaged as (a) the proper solution is known, and (b) the community is slowly but surely addressing it. -- You received this bug notification because you are a member of Ubuntu Server Team, which is a direct subscriber. https://bugs.launchpad.net/bugs/645625 Title: lxc container can power-off host machine -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs