[Bug 988348] New: enable setuid bit on lxc-user-nic
http://bugzilla.suse.com/show_bug.cgi?id=988348 Bug ID: 988348 Summary: enable setuid bit on lxc-user-nic Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Other Assignee: virt-bugs@suse.de Reporter: cbrauner@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- We're in the process of moving the devel project for lxc from Virtualization to Virtualization:containers (https://build.opensuse.org/package/show/Virtualization:containers/lxc). We're aiming at full support for unprivileged containers. Since unprivileged users are not allowed to attach veth devices to network bridges, lxc uses lxc-user-nic for a long time to do this. This is the only purpose of this binary and it is the only suid binary shipping with lxc. We're currently removing the suid bit during install but I'd really like to have this on by default. We're planning on packaging lxd and it will need lxc-user-nic as well. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=988348 Christian Brauner <cbrauner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cbrauner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=988348 Antoine Ginies <aginies@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aginies@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=988348 http://bugzilla.suse.com/show_bug.cgi?id=988348#c2 --- Comment #2 from Christian Brauner <cbrauner@suse.com> --- Sorry, maybe I was unclear: I was just talking about Tumbleweed. Thanks! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=988348 Charles Arnold <carnold@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|virt-bugs@suse.de |cbosdonnat@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=988348 http://bugzilla.suse.com/show_bug.cgi?id=988348#c3 Cédric Bosdonnat <cbosdonnat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|cbosdonnat@suse.com |security-team@suse.de --- Comment #3 from Cédric Bosdonnat <cbosdonnat@suse.com> --- I think this is more likely for the security team than me. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=988348 http://bugzilla.suse.com/show_bug.cgi?id=988348#c4 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com Summary|enable setuid bit on |AUDIT-0: lxc: enable setuid |lxc-user-nic |bit on lxc-user-nic --- Comment #4 from Marcus Meissner <meissner@suse.com> --- that sounds like a bad idea to me. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com