OpenVZ Forum


Home » General » Support » cap_net_admin: safe?
icon5.gif  cap_net_admin: safe? [message #35233] Tue, 10 March 2009 21:09 Go to next message
bugmenot is currently offline  bugmenot
Messages: 7
Registered: March 2009
Junior Member
Hi,

If a container is granted the cap_net_admin capability on a venet0 device, can it do anything dangerous (like mess around with routing tables for other CTs or the host, or forge mac addresses)?

Thanks.

Report message to a moderator

Re: cap_net_admin: safe? [message #41234 is a reply to message #35233] Wed, 15 December 2010 18:43 Go to previous messageGo to next message
litto is currently offline  litto
Messages: 4
Registered: August 2009
Junior Member
Any update about this issue? Is it safe to provide this cap? I thought it was fixed in april 2010... does anyone have confirmed informations? Regards.

Report message to a moderator

Re: cap_net_admin: safe? [message #41350 is a reply to message #35233] Thu, 06 January 2011 19:40 Go to previous messageGo to next message
tomp is currently offline  tomp
Messages: 64
Registered: August 2007
Member
Bump, I would like to know this also.

Report message to a moderator

Re: cap_net_admin: safe? [message #41352 is a reply to message #41350] Thu, 06 January 2011 19:54 Go to previous messageGo to next message
litto is currently offline  litto
Messages: 4
Registered: August 2009
Junior Member
I suggest you to DO NOT allow ANY of your vps client to use this function. Probalby there is a bug with this function. OVZ is buggy.

Report message to a moderator

Re: cap_net_admin: safe? [message #41359 is a reply to message #35233] Sun, 09 January 2011 11:42 Go to previous messageGo to next message
tomp is currently offline  tomp
Messages: 64
Registered: August 2007
Member
Hi,

Thats not very helpful. It doesn't answer the question, just makes a vague statement about the stability of openvz - which I don't agree with.

What is cap_net_admin for?

Report message to a moderator

Re: cap_net_admin: safe? [message #41362 is a reply to message #41359] Sun, 09 January 2011 15:53 Go to previous message
litto is currently offline  litto
Messages: 4
Registered: August 2009
Junior Member
I have enabled this cap for one client. Next day someone has hack admin pass do hypervm... before that he created vps with default config and mess up a little on nodes... net_admin allows to manage ips and routing table, maybe more...

Report message to a moderator

Previous Topic: Clarify something in veth wiki, please
Next Topic: Pushing traffic to a public IP on a container.
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Thu Dec 11 01:46:12 GMT 2025

Total time taken to generate the page: 0.27154 seconds
Powered by FUDforum Powered by Virtuozzo Containers