Can the root user break out of a container? [message #42835]
Fri, 03 June 2011 18:29
curtis_isparks
Can anyone tell me if OpenVZ offers any protection for the host node from a malicious user that has root access to a container?
Below is a thread regarding LXC that suggests that with LXC, containers do not provide much protection, but that's LXC...
blog.flameeyes.eu/2010/06/22/lxc-and-why-it-s-not-prime-time-yet
(sorry this forum will not allow me to post links yet)
...but, I have not been able to find anyone talking about this subject for OpenVZ. There is one comment on the above thread about a user that has 450 containers on the same host, which certainly sounds promising.
I guess my real question is whether anyone is aware of any exploits that would allow root users to break out of a container and access files on the root host node or other containers?
Or, can anyone share any success stories of giving customers root access to containers?
Thanks,
Curtis
[Updated on: Fri, 03 June 2011 18:29]