[Pkg-libvirt-maintainers] Bug#704157: libvirt0 - lxc: Mounts root cgroup in container
Bastian Blank
waldi at debian.org
Thu Mar 28 17:32:50 UTC 2013
Package: libvirt0
Version: 1.0.2-3
Severity: grave
The lxc support in libvirt mounts the root cgroups within the container.
By default the guest has the permission needed to move processes out
of its own cgroup into the root cgroup. This can evade restrictions
imposed by the device cgroup or resource restrictions.
Bastian
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.8-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
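
An added audit check for the condition reported above (not part of the original report and not libvirt code): it compares the process's own cgroup path from /proc/self/cgroup with the root field of each cgroup v1 mount in /proc/self/mountinfo and reports mounts that show cgroups above the process's own. The sample data, the path /machine/guest1 and all function names are constructed for illustration.

```python
# Constructed sample data (not from the report): a process confined to
# /machine/guest1 whose "devices" mount shows the hierarchy root.
SAMPLE_CGROUP = """\
3:devices:/machine/guest1
2:memory:/machine/guest1
"""
SAMPLE_MOUNTINFO = """\
60 50 0:30 / /sys/fs/cgroup/devices rw,nosuid,relatime - cgroup cgroup rw,devices
61 50 0:31 /machine/guest1 /sys/fs/cgroup/memory rw,nosuid,relatime - cgroup cgroup rw,memory
62 50 0:3 / /proc rw,relatime - proc proc rw
"""

def own_cgroups(proc_cgroup):
    """Map controller name -> this process's cgroup path (/proc/self/cgroup)."""
    paths = {}
    for line in proc_cgroup.splitlines():
        if line.count(":") < 2:
            continue
        _hier, controllers, path = line.split(":", 2)
        for name in controllers.split(","):
            paths[name] = path
    return paths

def is_ancestor(root, path):
    """True if cgroup `root` is a strict ancestor of cgroup `path`."""
    return root != path and (root == "/" or path.startswith(root.rstrip("/") + "/"))

def exposed_mounts(mountinfo, proc_cgroup):
    """Return (mount_point, controller, mount_root, own_path, writable) for
    each cgroup v1 mount that shows cgroups above the process's own one."""
    own = own_cgroups(proc_cgroup)
    findings = []
    for line in mountinfo.splitlines():
        left, sep, right = line.partition(" - ")
        pre, post = left.split(), right.split()
        if not sep or len(pre) < 6 or len(post) < 3 or post[0] != "cgroup":
            continue
        # mountinfo fields: id, parent, dev, root, mount point, mount options
        root, mount_point, opts = pre[3], pre[4], pre[5].split(",")
        for name in post[2].split(","):  # super options carry controller names
            if name in own and is_ancestor(root, own[name]):
                findings.append((mount_point, name, root, own[name], "rw" in opts))
    return findings

if __name__ == "__main__":
    for f in exposed_mounts(SAMPLE_MOUNTINFO, SAMPLE_CGROUP):
        print("%s: controller %s mounted at root %s, process is in %s, writable=%s" % f)
```

Inside a guest, pass the contents of /proc/self/mountinfo and /proc/self/cgroup instead of the samples; an empty result means every cgroup mount is rooted at or below the process's own cgroup.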