To make sure the container user doesn't play with mounts, like changing them from ro to rw, drop the sys_admin capability by default. If the user really needs to play with those, it can be enabled in the configuration.
---
Note: it seems that patch 3/3 of my last series never reached the list. Here it is.

 src/lxc/lxc_container.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index c5a70a1..d6d6fba 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -2083,6 +2083,7 @@ static int lxcContainerDropCapabilities(virDomainDefPtr def,
     case VIR_DOMAIN_CAPS_FEATURE_MKNOD: /* No creating device nodes */
     case VIR_DOMAIN_CAPS_FEATURE_AUDIT_CONTROL: /* No messing with auditing status */
     case VIR_DOMAIN_CAPS_FEATURE_MAC_ADMIN: /* No messing with LSM config */
+    case VIR_DOMAIN_CAPS_FEATURE_SYS_ADMIN: /* No messing with mounts */
         toDrop = (state != VIR_TRISTATE_SWITCH_ON);
         break;
     default: /* User specified capabilities to drop */
-- 
2.1.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
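Review bot: the comment on the new VIR_DOMAIN_CAPS_FEATURE_SYS_ADMIN case, `/* No messing with mounts */`, undersells what this line drops. CAP_SYS_ADMIN is the kernel's catch-all capability: besides mount(2)/umount(2) and remounting ro to rw it gates pivot_root, sethostname/setdomainname, quotactl, many ioctls and more, so a guest whose init mounts /proc, /sys or cgroup trees at boot will now fail in ways the comment does not hint at. Suggest widening the comment, e.g. `/* No mount(2)/remount and the rest of CAP_SYS_ADMIN */`, and, since the commit message promises that the capability "can be enabled in the configuration", pairing the one-line code change with a docs/formatdomain entry and a release note that name the state='on' switch VIR_TRISTATE_SWITCH_ON corresponds to. Without that, flipping the default for an existing capability is a silent behaviour change for every LXC domain that does not already set it.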
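The check a practitioner wants after a default like this lands is to confirm, from inside the guest, that CAP_SYS_ADMIN really is gone from the bounding set and that an ro-to-rw remount is therefore refused. The following is an added example, not code from the patch or from libvirt: it parses the CapBnd line of /proc/self/status (the sample line in the block is constructed), reports whether bit 21, CAP_SYS_ADMIN, is set, and optionally attempts the remount the commit message wants to prevent on a mountpoint named on the command line. The bit number is the CAP_SYS_ADMIN value from linux/capability.h; the assumption that the kernel reports EPERM for the remount without CAP_SYS_ADMIN is labelled in the comments.

```c
/* Added example (not part of the patch or of libvirt): verify from inside a
 * libvirt LXC container that CAP_SYS_ADMIN has been dropped, and show the
 * effect on an ro->rw remount. Build: cc -o capcheck capcheck.c */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>

#define CAP_SYS_ADMIN_BIT 21   /* value of CAP_SYS_ADMIN in linux/capability.h */

/* Constructed sample of a CapBnd line with every capability still present. */
static const char SAMPLE_CAPBND_FULL[] = "CapBnd:\t0000003fffffffff\n";

/* Parse the hex mask after "CapBnd:" / "CapEff:" in /proc/self/status.
 * Returns 0 on success, -1 on a malformed line. */
static int parse_cap_mask(const char *line, uint64_t *mask)
{
    const char *p = strchr(line, ':');
    if (!p)
        return -1;
    p++;
    while (*p == ' ' || *p == '\t')
        p++;
    char *end;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 16);
    if (errno || end == p)
        return -1;
    *mask = (uint64_t)v;
    return 0;
}

static bool cap_in_mask(uint64_t mask, int cap)
{
    return (mask >> cap) & 1ULL;
}

/* 1 if CAP_SYS_ADMIN is in the mask on this status line, 0 if not,
 * -1 if the line cannot be parsed. */
static int sys_admin_in_line(const char *line)
{
    uint64_t mask;
    if (parse_cap_mask(line, &mask) != 0)
        return -1;
    return cap_in_mask(mask, CAP_SYS_ADMIN_BIT) ? 1 : 0;
}

/* Read the live bounding set of the calling process. */
static int read_capbnd(uint64_t *mask)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char line[256];
    int rc = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapBnd:", 7) == 0) {
            rc = parse_cap_mask(line, mask);
            break;
        }
    }
    fclose(f);
    return rc;
}

/* Flip the per-mountpoint flags of `target` to read-write. Returns 0 on
 * success or the errno of the failure. Assumption: without CAP_SYS_ADMIN in
 * the mount namespace's owning user namespace the kernel returns EPERM. */
static int try_remount_rw(const char *target)
{
    if (mount(NULL, target, NULL, MS_REMOUNT | MS_BIND, NULL) == 0)
        return 0;
    return errno;
}

int main(int argc, char **argv)
{
    printf("sample line: sys_admin=%d\n", sys_admin_in_line(SAMPLE_CAPBND_FULL));

    uint64_t bnd;
    if (read_capbnd(&bnd) != 0) {
        perror("CapBnd");
        return 1;
    }
    printf("CapBnd=%016llx sys_admin=%s\n", (unsigned long long)bnd,
           cap_in_mask(bnd, CAP_SYS_ADMIN_BIT) ? "present" : "dropped");

    if (argc > 1) {   /* only touch a mount the caller names explicitly */
        int err = try_remount_rw(argv[1]);
        printf("remount %s rw: %s\n", argv[1], err ? strerror(err) : "succeeded");
    }
    return 0;
}
```

Run it as root inside the container with a read-only mountpoint as the argument: with the patch's default the first line reports `sys_admin=dropped` and the remount reports `Operation not permitted`; with the capability switched on in the domain configuration both go the other way, which is the behaviour the commit message describes.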