From 0c0b542b22bf9ec0614778f09afb143310af57b5 Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@bento.schottelius.org>
Date: Wed, 27 Nov 2013 16:41:31 +0100
Subject: [PATCH] lxc is still insecure

Signed-off-by: Nico Schottelius <nico@bento.schottelius.org>
---
 blog/lxc-insecure-since-2011.mdwn | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 blog/lxc-insecure-since-2011.mdwn

diff --git a/blog/lxc-insecure-since-2011.mdwn b/blog/lxc-insecure-since-2011.mdwn
new file mode 100644
index 00000000..5af70ce4
--- /dev/null
+++ b/blog/lxc-insecure-since-2011.mdwn
@@ -0,0 +1,24 @@
+[[!meta title="LXC still insecure (since 2011)"]]
+
+For a customer of mine I was researching whether
+we could use [LXC](http://linuxcontainers.org/) for
+virtualisation. 
+The customer is migrating to Debian 7, 
+[which does not contain OpenVZ anymore](https://wiki.debian.org/OpenVz).
+
+Although the 
+[Debian template bug](http://permalink.gmane.org/gmane.linux.kernel.containers.lxc.general/5102) is still not fixed, I first thought it would still
+be usable when writing our own templates. But it turns
+out that LXC still allows to
+[execute code as root on the host since 2011](http://blog.bofh.it/debian/id_413).
+
+More background information for those of you who are currently considering
+LXC:
+
+   * [Ubuntu / User Namespaces in Linux](https://wiki.ubuntu.com/UserNamespace)
+   * [Gentoo Wiki](https://wiki.gentoo.org/wiki/LXC#MAJOR_Temporary_Problems_with_LXC_-_READ_THIS)
+   * [Debian Bug Report](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680469)
+
+So for the moment my recommendation is [QEMU](http://wiki.qemu.org/Main_Page) (KVM has been merged back into QEMU!).
+
+[[!tag lxc vm unix]]