Issue
Does mounting /dev/fd inside CageFS have security implications?
Environment
- CloudLinux
- CageFS
- /dev/fd
Solution
Adding /dev/fd to the default CageFS device list is a generally safe change.
/dev/fd is typically a symlink to /proc/self/fd, which exposes a per-process view of its own open file descriptors.
However, if the real /proc/self/fd is not accessible inside the cage, the symlink will be broken or will point to an inaccessible location. Ensure that /proc/self/fd is also visible and properly mounted inside CageFS.
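One way to confirm this from a shell running as the caged user is the check below. It is an added example, not part of the original article or of CloudLinux tooling, and the helper name check_fd_link is hypothetical.

```shell
#!/bin/sh
# Added example: check that a /dev/fd-style path is usable in the current
# environment. check_fd_link is a hypothetical helper, not a CageFS command.
# Return codes: 0 usable, 1 path missing, 2 dangling symlink,
#               3 present but not a listable directory.
check_fd_link() {
    fd_path="${1:-/dev/fd}"
    if [ -L "$fd_path" ]; then
        # -e follows the symlink, so it fails when the target
        # (normally /proc/self/fd) is not visible from here.
        if [ ! -e "$fd_path" ]; then
            echo "$fd_path -> $(readlink "$fd_path"): target not visible"
            return 2
        fi
        echo "$fd_path -> $(readlink "$fd_path")"
    elif [ ! -e "$fd_path" ]; then
        echo "$fd_path: not present"
        return 1
    fi
    # Programs that open /dev/fd/N need the directory itself to be readable.
    if ! ls "$fd_path/" >/dev/null 2>&1; then
        echo "$fd_path: present but not listable"
        return 3
    fi
    echo "$fd_path: usable"
    return 0
}

# Check the real path; "|| true" keeps the script going so the message is
# still printed when the check fails.
check_fd_link /dev/fd || true
```

A return code of 2 corresponds to the broken-symlink case described above: /dev/fd exists in the cage but /proc/self/fd does not.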