Re: Linux 3.2 in wheezy

To: debian-devel@lists.debian.org
Subject: Re: Linux 3.2 in wheezy
From: Bastian Blank <waldi@debian.org>
Date: Fri, 3 Feb 2012 12:32:39 +0100
Message-id: <[🔎] 20120203113239.GB16544@wavehammer.waldi.eu.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] loom.20120201T201629-798@post.gmane.org>
References: <20120129182205.GR12704@decadent.org.uk> <1327867067.13223.3.camel@hidalgo> <1327872371.5400.375.camel@deadeye> <20120130004459.GA22039@angband.pl> <20120130013115.GB19215@bongo.bofh.it> <[🔎] loom.20120201T201629-798@post.gmane.org>

On Wed, Feb 01, 2012 at 07:37:38PM +0000, Moritz Naumann wrote:
> So there are obvious issues with LXC as a container solution for Linux, such as
> lacking actual containment (for the root user)

No, it is not obvious. If you give a process a certain permission, it
can use it. If you remove this permission, it can't longer use it. So
don't allow root in the container access to this permissions.

Bastian

-- 
Vulcans never bluff.
		-- Spock, "The Doomsday Machine", stardate 4202.1

Reply to:

References:
- Re: Linux 3.2 in wheezy
  - From: Moritz Naumann <lists.debian.org@moritz-naumann.com>

Prev by Date: Re: Linux 3.2 in wheezy
Next by Date: Re: Breaking programs because a not yet implemented solution exists in theory (Was: Bug#658139: evince: missing mime entry)
Previous by thread: Re: Linux 3.2 in wheezy
Next by thread: Re: Linux 3.2 in wheezy
Index(es):
- Date
- Thread