Re: [libvirt] LXC: capset fails with userns

Wednesday, 26 February 2014

On Wed, Feb 26, 2014 at 08:54:02AM -0600, Serge Hallyn wrote:
...
 Quoting Stephan Sachse (ste.sachse(a)gmail.com):
 > for me there is no valid reason why a container is not allowed to set
 > file capabilities.

 (For the sake of the libvir-list, I replied to this on the lxc-devel@
 list with a proposal that should work;  but this particular patch is
 not safe, as nothing would stop an unprivileged user from mapping 0
 to his uid in a new namespace, adding CAP_SYS_ADMIN, getting back to
 the init namespace, and running it with privilege.  Adding a new
 capability format which adds the kuid_t of the user_ns root would
 solve this.  Thanks Stephan for pushing on this.) 
Thanks, I thought there would be some good reason for this restriction.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] LXC: capset fails with userns