On Tue, 2014-07-08 at 16:33 +0200, Łukasz Stelmach wrote: > Package: src:linux > Version: 3.2.60-1+deb7u1 > Severity: normal > > Dear Maintainer, > > tl;dr: init in a container (PID namespace) can call reboot(2) and > shutdown the host machine. Yes, and you need real user namespaces (as introduced in Linux 3.7) to prevent this. > Please refer to [1] for a detailed description of symptoms. > > After some investigation and thanks to help received from systemd > developers I can tell the problems can be solved by applying [2] to the > kernel. The patch is relatively old, it has been released only three > months after 3.2.0 so I hope applying it wouldn't be a problem. [...] This change seems to make containers work better, but it does not improve security. I'm not sure whether this is sufficient justification for a stable update. Please can you ask the stable release team (debian-release@lists.debian.org) to consider this. Ben. -- Ben Hutchings Any smoothly functioning technology is indistinguishable from a rigged demo.
Attachment:
signature.asc
Description: This is a digitally signed message part