pages tagged lxcNico Schotteliushttps://www.nico.schottelius.org//tags/lxc/Nico Schotteliusikiwiki2016-02-25T13:34:32ZLXC still insecure (since 2011)https://www.nico.schottelius.org//blog/lxc-insecure-since-2011/2016-02-25T13:34:32Z2015-02-03T14:47:26Z
<p>For a customer of mine I was researching whether
we could use <a href="http://linuxcontainers.org/">LXC</a> for
virtualisation.
The customer is migrating to Debian 7,
<a href="https://wiki.debian.org/OpenVz">which does not contain OpenVZ anymore</a>.</p>
<p>Although the
<a href="http://permalink.gmane.org/gmane.linux.kernel.containers.lxc.general/5102">Debian template bug</a> is still not fixed, I first thought it would still
be usable when writing our own templates. But it turns
out that LXC still allows to
<a href="http://blog.bofh.it/debian/id_413">execute code as root on the host since 2011</a>.</p>
<p>More background information for those of you who are currently considering
LXC:</p>
<ul>
<li> <a href="https://wiki.ubuntu.com/UserNamespace">Ubuntu / User Namespaces in Linux</a></li>
<li> <a href="https://wiki.gentoo.org/wiki/LXC#MAJOR_Temporary_Problems_with_LXC_-_READ_THIS">Gentoo Wiki</a></li>
<li> <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680469">Debian Bug Report</a></li>
</ul>
<p>So for the moment my recommendation is <a href="http://wiki.qemu.org/Main_Page">QEMU</a> (KVM has been merged back into QEMU!).</p>