[Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor

lueschem 1476662 at bugs.launchpad.net
Wed Sep 30 13:06:07 UTC 2015


@Stephen Gaito and @Roman Fiedler:

Thanks for your hints! Using **relative** paths definitely also helps within the container fstab file.
However it would be very helpful if lxc would accept the absolute paths again:

fstab that fails with 1.0.7-0ubuntu0.5:

/home/MYUSER/somemountpoint /var/lib/lxc/CONTAINERNAME/rootfs/home/MYUSER none defaults,bind 0 0

fstab that works with 1.0.7-0ubuntu0.5:

/home/MYUSER/somemountpoint home/MYUSER none defaults,bind 0 0

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1476662

Title:
  lxc-start symlink vulnerabilities may allow guest to read host
  filesystem, interfere with apparmor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662/+subscriptions
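
An added example, not part of the original message and not LXC code: a small Python helper that rewrites container fstab entries from the absolute-target form reported as failing above to the relative form reported as working. The function names and the choice to reject targets that fall outside the rootfs are assumptions of this sketch; the sample entry is the one quoted in the message.

```python
import posixpath

def relativize_entry(line, rootfs):
    """Rewrite one container fstab line so its mount target is relative to rootfs.

    Comments, blank lines and already-relative targets are returned unchanged.
    Targets that lexically resolve outside rootfs raise ValueError so they get
    reviewed by hand instead of being silently rewritten.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return line
    fields = stripped.split()
    if len(fields) < 2:
        return line  # no target field to rewrite
    root = posixpath.normpath(rootfs)
    target = posixpath.normpath(fields[1])
    if not target.startswith("/"):
        # Relative target: only check that ".." does not climb out of rootfs.
        if target == ".." or target.startswith("../"):
            raise ValueError("relative target escapes rootfs: " + fields[1])
        return line
    if not target.startswith(root + "/"):
        raise ValueError("absolute target is not inside rootfs: " + fields[1])
    fields[1] = target[len(root) + 1:]
    return " ".join(fields)

def relativize_fstab(text, rootfs):
    """Apply relativize_entry to every line of a container fstab."""
    return "\n".join(relativize_entry(l, rootfs) for l in text.splitlines())

# Entry quoted in the message above (placeholders MYUSER / CONTAINERNAME kept).
ROOTFS = "/var/lib/lxc/CONTAINERNAME/rootfs"
SAMPLE = (
    "# bind mount for the user's data\n"
    "/home/MYUSER/somemountpoint "
    "/var/lib/lxc/CONTAINERNAME/rootfs/home/MYUSER none defaults,bind 0 0"
)

if __name__ == "__main__":
    print(relativize_fstab(SAMPLE, ROOTFS))
```

The path check is purely lexical and does not resolve symlinks inside the rootfs, so it complements rather than replaces the checks lxc-start performs at mount time.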
