oss-sec mailing list archives

Re: docker VMM breakout


From: Daniel J Walsh <dwalsh () redhat com>
Date: Wed, 18 Jun 2014 10:05:35 -0400


On 06/18/2014 09:39 AM, Sven Kieske wrote:
> On 18.06.2014 12:15, David Jorm wrote:
>> I tested libvirt via virsh and by default both CAP_DAC_READ_SEARCH and
>> CAP_DAC_OVERRIDE are available (and thus the PoC does run). However,
>> this default is well documented as is the general insecurity of libvirt
>> in regards to DAC, so I don't think a CVE ID is required for libvirt.
> I fail to see why this should be true.
> On most distributions libvirt-spawned VMs do not run as root but as user
> qemu or similar.
> According to the documentation at:
> http://libvirt.org/drvqemu.html#securitycap
>
> this should imply that libvirt drops these capabilities.
>
> Please correct me if I'm wrong.


Why is this assumed to be a problem?

CONTAINERS DO NOT CONTAIN.  Root inside the container == Root outside
the container.

This is true in both libvirt-sandbox/libvirt-lxc and docker.

We have a long way to go before we can run anything within a container
without this rule.

User Namespace, SELinux or other MAC are all required to get us near the
point where Containers Contain.

People who run services within a container should continue to drop privs
in the services and run them as UID!=0.
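The thread's practical advice is to check what a containerized service actually runs with: its effective UID and whether CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH (the two capabilities the PoC relies on) are still in its effective set. The following is an added example, not code from the thread or from docker/libvirt, that decodes the `Uid:` and `CapEff:` lines of `/proc/<pid>/status`; the capability bit numbers come from the Linux `capability.h` header and the two sample status excerpts are constructed.

```python
import os

# Bit positions from linux/capability.h (assumed stable across kernels).
CAP_DAC_OVERRIDE = 1      # bypass file read/write/execute permission checks
CAP_DAC_READ_SEARCH = 2   # bypass file read and directory search checks
CAP_NAMES = {CAP_DAC_OVERRIDE: "CAP_DAC_OVERRIDE",
             CAP_DAC_READ_SEARCH: "CAP_DAC_READ_SEARCH"}

# Constructed /proc/<pid>/status excerpts: a root process holding both DAC
# capabilities, and a service that dropped to UID 1000 with no caps left.
SAMPLE_ROOT = "Name:\tsvc\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000006\n"
SAMPLE_DROPPED = "Name:\tsvc\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"


def parse_status(text):
    """Return (effective_uid, cap_eff_mask) from /proc/<pid>/status text."""
    euid = cap_eff = None
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Uid:"):
            euid = int(fields[2])           # Uid: real effective saved fs
        elif line.startswith("CapEff:"):
            cap_eff = int(fields[1], 16)    # 64-bit hex capability mask
    if euid is None or cap_eff is None:
        raise ValueError("Uid: or CapEff: line missing from status text")
    return euid, cap_eff


def dac_bypass_caps(mask):
    """Names of the DAC-bypass capabilities set in an effective mask."""
    return [name for bit, name in sorted(CAP_NAMES.items()) if (mask >> bit) & 1]


def assess(text):
    """Summarise whether the process still has root and DAC-bypass caps."""
    euid, mask = parse_status(text)
    caps = dac_bypass_caps(mask)
    return {"euid": euid, "runs_as_root": euid == 0,
            "dac_bypass_caps": caps, "can_bypass_dac": bool(caps)}


if __name__ == "__main__":
    path = "/proc/self/status"
    text = open(path).read() if os.path.exists(path) else SAMPLE_ROOT
    print(assess(text))
```

Run inside the container as the service user; an empty `dac_bypass_caps` list together with `runs_as_root: False` is the state the thread recommends.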
