LXC containers share the same host UID/GID

Gramdalf

Nov 8, 2023
I've been messing around with Linux namespaces, IDM, and in general UID/GID operations.

In doing so, I was messing around with LXC containers and noticed one simple but crucial detail: ALL LXC containers run as the same UID/GID mapping from host-guest.

For example:
  • Create two Alpine Linux LXC containers on a local ZFS storage backend (in my case, under the root dataset called medusa)
  • ls -la /medusa:
Code:
root@aer:/medusa# ls -la
drwxr-xr-x 10 root   root   10 Nov 18 16:39 .
drwxr-xr-x 20 root   root   26 Nov  8 15:39 ..
drwxr-xr-x 19 100000 100000 19 Nov 18 16:38 subvol-101-disk-0
drwxr-xr-x 19 100000 100000 19 Nov 18 16:38 subvol-102-disk-0

Both LXC containers are mapped to the exact same UID:GID on the host - 100000:100000
Unless I'm unaware of some other detail, this is a relatively large security concern - if a user breaks out of any LXC container, they have access to the filesystem of every single LXC container on the host. This seems like a major security concern - unless I'm unaware of something such as an AppArmor security profile etc.

Keep in mind that I'm new to all of this, and I haven't memorized all of Proxmox's internal workings, but as I said - this seems like a big problem, and I was unable to find any additional information when searching the docs/forums etc.
 
To be perfectly clear, I do not expect Proxmox to be perfectly secure right out of the box - trying to do so can be very frustrating for developers - but I would at least expect to find mention of it somewhere.
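
An audit for the shared mapping described in the post, as an added example that is not part of the original post or Proxmox's own code: it parses container config text and reports every pair of containers whose host-side UID/GID ranges overlap. Assumptions: configs use the `unprivileged: 1` and `lxc.idmap` keys, an unprivileged container without explicit `lxc.idmap` lines maps 65536 IDs starting at host ID 100000, and the three sample configs (including the separate range for 103) are constructed.

```python
import re
from itertools import combinations

# Assumption: an unprivileged container without explicit lxc.idmap lines gets
# container IDs 0-65535 mapped to host IDs starting at 100000 (the owner seen above).
DEFAULT_MAPS = [("u", 0, 100000, 65536), ("g", 0, 100000, 65536)]
IDMAP_RE = re.compile(r"^lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)$")

def host_ranges(conf_text):
    """Return {'u': [(first, last)], 'g': [...]}: host IDs one container maps to.
    Privileged containers have no mapping and yield empty lists."""
    maps, unprivileged = [], False
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("["):  # assumed: snapshot sections follow the live config
            break
        if re.match(r"^unprivileged\s*:\s*1$", line):
            unprivileged = True
        m = IDMAP_RE.match(line)
        if m:
            maps.append((m[1], int(m[2]), int(m[3]), int(m[4])))
    if not maps and unprivileged:
        maps = DEFAULT_MAPS
    ranges = {"u": [], "g": []}
    for kind, _ct_first, host_first, count in maps:
        ranges[kind].append((host_first, host_first + count - 1))
    return ranges

def shared_ranges(configs):
    """configs: {ctid: config text}. Return (ct_a, ct_b, kind, first, last) overlaps."""
    parsed = {ctid: host_ranges(text) for ctid, text in configs.items()}
    findings = []
    for a, b in combinations(sorted(parsed), 2):
        for kind in "ug":
            for a_first, a_last in parsed[a][kind]:
                for b_first, b_last in parsed[b][kind]:
                    first, last = max(a_first, b_first), min(a_last, b_last)
                    if first <= last:
                        findings.append((a, b, kind, first, last))
    return findings

# Constructed sample configs: 101 and 102 as in the listing above, 103 with its own range.
SAMPLE = {
    101: "arch: amd64\nhostname: alpine-a\nunprivileged: 1\n",
    102: "arch: amd64\nhostname: alpine-b\nunprivileged: 1\n",
    103: "arch: amd64\nunprivileged: 1\n"
         "lxc.idmap: u 0 200000 65536\nlxc.idmap: g 0 200000 65536\n",
}

if __name__ == "__main__":
    for a, b, kind, first, last in shared_ranges(SAMPLE):
        print(f"CT {a} and CT {b} share host {kind}id range {first}-{last}")
```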