Mailinglist Archive: opensuse-security (5 mails)

< Previous Next >
Re: [opensuse-security] Security issue with Docker / namespaces?
Never mind, more testing confirmed that it was a local issue.

Somehow my /var/lib/docker was trashed. Remove all the directory and
restarting from scratch solved the issue.

Regards,
JC

Le 24/01/2018 à 16:06, Jean-Christophe Baptiste a écrit :
Moreover, cat /etc/shadow shows host's users that should not be there
(understand: my user)...



Le 24/01/2018 à 16:01, Jean-Christophe Baptiste a écrit :
Hi guys,

I am afraid of a security issue with Docker.
Sorry but I have no other machines to test for now, so it might be a
local issue only.

I realized that today when running an Ubuntu container :

% docker run -ti --rm --hostname=ubuntu --net=host ubuntu /bin/bash

It runs a bash shell inside the Ubuntu container.

But, from within the container (screenshot attached):

% apt update
# should fail, not finding the command
% zypper refresh
# unexpectedly, it would work and refresh the host repos!

Of course, this is absolutely abnormal and I am still evaluating the
exact impact.

I can tell that the issue was not here one week ago (I have been a quite
intensive Docker user for around 2 years).

So I am not sure what is causing this behavior.


Looking forward to reading some feedbacks.


Best regards,





--
JCB

< Previous Next >
List Navigation