oss-sec mailing list archives
Re: docker VMM breakout
From: Daniel J Walsh <dwalsh () redhat com>
Date: Wed, 18 Jun 2014 10:05:35 -0400
On 06/18/2014 09:39 AM, Sven Kieske wrote:
> On 18.06.2014 12:15, David Jorm wrote:
>> I tested libvirt via virsh and by default both CAP_DAC_READ_SEARCH and
>> CAP_DAC_OVERRIDE are available (and thus the PoC does run). However, this
>> default is well documented, as is the general insecurity of libvirt in
>> regards to DAC, so I don't think a CVE ID is required for libvirt.
>
> I fail to see why this should be true. On most distributions libvirt
> spawned VMs do not run as root but as user qemu or similar. According to
> the documentation at:
> http://libvirt.org/drvqemu.html#securitycap
> this should imply that libvirt drops these capabilities. Please correct
> me if I'm wrong.
Why is this assumed a problem? CONTAINERS DO NOT CONTAIN. Root inside the container == Root outside the container. This is true in both libvirt-sandbox/libvirt-lxc and docker. We have a long way to go before we can run anything within a container without this rule. User Namespace, SELinux or other MAC are all required to get us near the point where Containers Contain. People who run services within a container should continue to drop privs in the services and run them as UID!=0.
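As an added illustration of the point above (this is example code written for this archive page, not code from the thread, from Docker or from libvirt): a small check meant to be run inside a container that decodes CapEff from /proc/self/status, looks for the two DAC-bypass capabilities the thread is about, and reads /proc/self/uid_map to tell whether UID 0 in the container is really UID 0 on the host (no user namespace remapping). The capability bit numbers are those of include/uapi/linux/capability.h; the /proc contents used as samples are constructed, and the interpretation of an identity uid_map as "no user namespace in use" is this example's assumption.

```python
"""Check whether this process holds root plus DAC-bypass capabilities while
its UID 0 still maps to UID 0 on the host (i.e. no user namespace)."""

# Capability bit numbers from include/uapi/linux/capability.h.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN",
    22: "CAP_SYS_BOOT", 23: "CAP_SYS_NICE", 24: "CAP_SYS_RESOURCE",
    25: "CAP_SYS_TIME", 26: "CAP_SYS_TTY_CONFIG", 27: "CAP_MKNOD",
    28: "CAP_LEASE", 29: "CAP_AUDIT_WRITE", 30: "CAP_AUDIT_CONTROL",
    31: "CAP_SETFCAP", 32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN",
    34: "CAP_SYSLOG", 35: "CAP_WAKE_ALARM", 36: "CAP_BLOCK_SUSPEND",
    37: "CAP_AUDIT_READ",
}

# The two capabilities discussed in the thread: both let a process ignore
# file permission bits, which is what lets root in the container read host
# files it reaches.
DAC_BYPASS = {"CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH"}


def decode_caps(hexmask):
    """Turn a CapEff/CapBnd hex string from /proc/<pid>/status into names."""
    mask = int(hexmask, 16)
    return {CAP_NAMES.get(bit, "CAP_%d" % bit)
            for bit in range(64) if (mask >> bit) & 1}


def parse_status(status_text):
    """Parse the 'Key:\\tvalue' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in status_text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def uid_map_is_identity(uid_map_text):
    """True when /proc/<pid>/uid_map maps the whole UID range 1:1, which
    (assumption of this example) means no remapping user namespace is in
    use, so UID 0 inside is UID 0 on the host."""
    rows = [tuple(int(x) for x in line.split())
            for line in uid_map_text.strip().splitlines() if line.strip()]
    return rows == [(0, 0, 4294967295)]


def assess(status_text, uid_map_text):
    """Combine euid, effective caps and uid_map into a verdict dict."""
    fields = parse_status(status_text)
    euid = int(fields["Uid"].split()[1])   # Uid: real effective saved fs
    eff = decode_caps(fields["CapEff"])
    dac = sorted(eff & DAC_BYPASS)
    identity = uid_map_is_identity(uid_map_text)
    host_root = euid == 0 and identity
    return {
        "euid": euid,
        "identity_uid_map": identity,
        "effective_caps": sorted(eff),
        "dac_bypass_caps": dac,
        "root_equals_host_root": host_root,
        "dac_bypass_as_host_root": host_root and bool(dac),
    }


def assess_self():
    """Run the check on the current process (Linux only)."""
    with open("/proc/self/status") as f:
        status = f.read()
    with open("/proc/self/uid_map") as f:
        uid_map = f.read()
    return assess(status, uid_map)


if __name__ == "__main__":
    import json
    print(json.dumps(assess_self(), indent=2))
```

A result with "dac_bypass_as_host_root" true is exactly the situation Dan describes: the process is host root with the DAC checks switched off, and only a MAC policy or a user namespace stands between it and host files. Services should drop to UID != 0 regardless of what this reports.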
Current thread:
- docker VMM breakout Sebastian Krahmer (Jun 18)
- Re: docker VMM breakout David Jorm (Jun 18)
- Re: docker VMM breakout Yves-Alexis Perez (Jun 18)
- Re: docker VMM breakout Sven Kieske (Jun 18)
- Re: docker VMM breakout Daniel J Walsh (Jun 18)
- Re: docker VMM breakout gremlin (Jun 18)
- Re: docker VMM breakout Serge Hallyn (Jun 19)
- Re: docker VMM breakout Daniel J Walsh (Jun 20)
- Re: docker VMM breakout David Jorm (Jun 18)