I've been playing with containers on my lab cluster, and I noticed that containers can see ALL storage attached to the host by simply checking lsblk, either with priviledged or unpriviledged containers. Is this the correct behavior? if so, how can I go about masking the host's storage from the container?
containers displaying all storage on host
- Thread starter alexskysilk
- Start date
-
- Tags
- containers lxc security
LXC does not hide all infos from /sys or /proc, so that is expected behavior. But you are not allowed to access any of those devices from within a container.