With recent updates we are receiving rkhunter reports about /dev/.lxc-boot-id being a hidden file. Easily fixed in rkhunter but which PVE/LXC package is responsible for creating this file?
Thanks!
Thanks!
[SOLVED] /dev/.lxc-boot-id
- Thread starter upnort
- Start date
I assume that rkhunter reports this from inside a container?
In any case lxc itself creates this file - see https://github.com/lxc/lxc/blob/master/src/lxc/conf.c#L3163
it's then bind mounted to /proc/sys/kernel/random/boot_id - see http://0pointer.de/blog/projects/ids.html
in short it is used (among other things) for `journalctl -b` to work
I hope this explains it.
Yes.
Ah, the missing link. So the recent lxc-pve package update is responsible for the new behavior.
Thank you!
not too sure it's so recent (AFAIR it's been that way since at least 6.1)
anyways - glad your question is answered
