From f2ae79a04567fb8c1181f4d3331d2b7a48889cf3 Mon Sep 17 00:00:00 2001 From: Andrian Nord Date: Thu, 26 Nov 2009 16:46:25 +0100 Subject: [PATCH] "Default" configuration may destroy host system If you're running (by mistake or typo) (via lxc-start) container that does not exists it will run with lxc.rootfs=/, meaning that /sbin/init will restart initialization procedure, efficiently messing host's system, that may lead to unpredictable results or even destroy (make inaccessible) host system (by reseting network configuration or something like that). (Actually, it _did_ destroy system of everyone who tested this). Actually, I finally lost any meaning of having such a feature for full-system containers. You may not use hosts's FS - it's described at above. You may not use some temporary directory - that's nonsense. This patch forbinds starting container via lxc-start without rcfile and custom start program, but probably it fixes only small part of problem. I really don't see much sense in such a feature without ability of overriding 'default' setting with command line switches. Anyway, default behaviour should be as save as possible. Signed-off-by: Andrian Nord Signed-off-by: Daniel Lezcano --- src/lxc/lxc_start.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c index b8d03e850..d2471ebba 100644 --- a/src/lxc/lxc_start.c +++ b/src/lxc/lxc_start.c @@ -173,6 +173,11 @@ int main(int argc, char *argv[]) return err; } + if (!rcfile && !strcmp("/sbin/init", args[0])) { + ERROR("no configuration file for '/sbin/init' (may crash the host)"); + return err; + } + if (my_args.daemonize) { /* do not chdir as we want to open the log file, -- 2.47.2