OpenVZ vs LXC DIR mode poor security in LXC

It is unfortunate that LXC's dir mode is completely insecure and allows way too much information from the host to be seen. I wonder if there will eventually be a way to break into the host filesystem or other container's storage?

OpenVZ better security:

[root@ev ~]# cat /proc/mdstat
cat: /proc/mdstat: No such file or directory

/dev/simfs 843G 740G 61G 93% /



LXC exposes too much:

If the host has a RAID array you can see the full details. If you do a df -h you can see the usage of the partition that your VMis stored on. This seems extremely insecure.

cat /proc/mdstat
Personalities : [raid10] [raid1]
md1 : active raid10 sda2[2] sdb2[0]
31439872 blocks super 1.2 2 near-copies [2/2] [UU]

md0 : active raid1 sda1[1] sdb1[0]
1048512 blocks [2/2] [UU]

md2 : active raid10 sda3[2] sdb3[0]
455747584 blocks super 1.2 2 near-copies [2/2] [UU]
bitmap: 1/4 pages [4KB], 65536KB chunk

unused devices:


root@first:~# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/md2 427G 5.9G 400G 2% /
none 492K 4.0K 488K 1% /dev
devtmpfs 3.8G 0 3.8G 0% /dev/tty
tmpfs 100K 0 100K 0% /dev/lxd
tmpfs 100K 0 100K 0% /dev/.lxd-mounts
tmpfs 3.8G 0 3.8G 0% /dev/shm
tmpfs 3.8G 172K 3.8G 1% /run
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup
tmpfs 777M 0 777M 0% /run/user/0



Tags:

openvz, vs, lxc, dir, mode, lxcit, insecure, allows, filesystem, container, ev, proc, mdstat, directory, dev, simfs, exposes, raid, array, df, usage, partition, vm, stored, personalities, md, active, sda, sdb, copies, uu, bitmap, kb, chunk, unused, devices, avail, mounted, devtmpfs, tty, tmpfs, lxd, mounts, shm, sys, fs, cgroup, user,

Latest Articles

  • qemu 4 compilation options
  • CentOS 7 8 PXEBoot Netinstall Not Working Solution "Pane is dead "new value non-exisetnt xfs filesystem is not valid as a default fs type"
  • CentOS 6 EOL yum repo won't work Error: Cannot find a valid baseurl for repo: base Solution
  • CentOS 7 8 How To Disable SELinux
  • Wordpress How To Add Featured Image To Post in Hueman Theme
  • kdenlive full reset how to erase all config files
  • CentOS 7 8 yum error Trying other mirror. To address this issue please refer to the below wiki article
  • Microsoft Teams Linux - Calendar Doesn't Work Missed Meetings!
  • Scanner not working in Linux Ubuntu Fedora Mint Debian over the network? Use sane-airscan!
  • How To Boot, Install and Run Windows 2000 on QEMU-KVM
  • bash cannot execute permission denied
  • Huion and Wacom Tablets How To Install in Linux Mint / Ubuntu and make the stylus work properly
  • ffmpeg how to cut certain parts of video out
  • ffmpeg how to concat and join two video clips
  • mencoder instead of ffmpeg to join or concatenate video files with different audio streams
  • Linux How To Stop Missing Drive from Halting Boot Process in fstab
  • How To Replace Audio Track of Video using ffmpeg
  • qemu-img convert formats vdi vmdk raw qcow2
  • Linux and Windows Dual Boot Crazy Time Issues
  • dynagen / dynamips 100% high CPU usage solution - how to set the idlepc value