On Thu, Feb 08, 2018 at 09:13:26PM +0100, Linus Lüssing wrote:
> 2) Any file created within the container will always contain data
> created from within this container only? Say, the (mapped, inner)
> root user will not be able to create a file which will then
> suddenly contain data which was used in another, but now deleted
> container or LVM volume?
For this point I played a bit with the commands fallocate and truncate from within the container now. It seems that indeed even files that were created in a sparse way, so without allocating and filling blocks with specific data, will return zeroes upon read operations with ext4. According to the manpage of fallocate this seems to be a property of ext4.

And I wasn't able to do a "mount -o remount,ro /", so I guess there is luckily no way for the inner root user to change such/any behaviour of the ext4 root filesystem, right?

If that's so and if LVM itself has no inherent zeroing mechanism then that's actually a huge plus for LXC/LXD compared to KVM security-wise, I guess?

Regards, Linus

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
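As an added check that is not part of the thread above, the following POSIX shell script reproduces the truncate/fallocate experiment the message describes and verifies that a freshly allocated but never-written file reads back as all zeros rather than exposing whatever the freed blocks held before. The temporary file names, sizes and the marker pattern are assumptions.

```shell
#!/bin/sh
# Added check (not from the mailing-list thread): does a freshly allocated,
# never-written file range read back as zeros, or does it expose whatever the
# underlying blocks held earlier? A marker file is written and deleted first so
# that any reused blocks would carry a recognisable pattern.
# Return codes: 0 = only zeros read back, 1 = non-zero (stale) data found,
#               2 = allocation method unsupported or unavailable here.
check_unwritten_reads_zero() {
    method="$1"                 # "truncate" (sparse hole) or "fallocate" (unwritten extent)
    size_mb="${2:-4}"           # assumed default size in MiB
    dir="${3:-${TMPDIR:-/tmp}}" # assumed scratch directory
    marker="$dir/zerocheck.$$.marker"
    f="$dir/zerocheck.$$.$method"
    rm -f "$marker" "$f"

    # Step 1: write a recognisable pattern, flush it, then delete the file so its
    # blocks return to the free pool where the next allocation may reuse them.
    yes 'STALE-DATA-MARKER' | head -c "$((size_mb * 1024 * 1024))" > "$marker"
    sync
    rm -f "$marker"

    # Step 2: allocate a new file of the same size without writing any data.
    case "$method" in
        truncate)  truncate -s "${size_mb}M" "$f" 2>/dev/null || { rm -f "$f"; return 2; } ;;
        fallocate) fallocate -l "${size_mb}M" "$f" 2>/dev/null || { rm -f "$f"; return 2; } ;;
        *) return 2 ;;
    esac

    # Step 3: every byte read back must be 0x00. od -v prints all bytes (no '*'
    # collapsing of repeated lines); any hex digit other than 0 means stale data.
    if od -An -v -tx1 "$f" | tr -d ' \n' | grep -q '[^0]'; then
        rc=1
    else
        rc=0
    fi
    rm -f "$f"
    return "$rc"
}

# Stand-alone usage: report the result for both allocation paths.
for m in truncate fallocate; do
    rc=0
    check_unwritten_reads_zero "$m" 4 || rc=$?
    echo "$m: rc=$rc (0 = zeros only, 1 = stale data, 2 = unsupported)"
done
```

Run it inside the container as the mapped root user; a return code of 1 on either path is the condition the question above is worried about.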
