Tag: container

Testing CVE-2019-11043 (php-fpm security vulnerability) with LXD system containers

CVE-2019-11043 is a buffer overflow in php-fpm that under certain conditions, can lead to remote execution. There is an exploit at PHuiP-FPizdaM that targets certain nginx and php-fpm configurations. On their page, the describe how to use Docker to test this exploit. In this post, we use LXD to test the exploit and verify whether …

Continue reading

Permanent link to this article: https://blog.simos.info/testing-cve-2019-11043-php-fpm-security-vulnerability-with-lxd-system-containers/

How to add both a private and public network to LXD using cloud-init

When you launch a new LXD container, LXD applies the default LXD profile unless you specify a different profile. By adding configuration to a LXD profile, you can launch containers with specific parameters such as specific network configuration. In the following we see how this default LXD profile looks like, and then use cloud-init instructions …

Continue reading

Permanent link to this article: https://blog.simos.info/how-to-add-both-a-private-and-public-network-to-lxd-using-cloud-init/

How to use the LXD Proxy Device to map ports between the host and the containers

LXD supports proxy devices, which is a way to proxy connections between the host and containers. This includes TCP, UDP and Unix socket connections. For example, when someone connects to your host on port 80 (http), then this connection can be proxied to a container using a proxy device. In that way, you can isolate …

Continue reading

Permanent link to this article: https://blog.simos.info/how-to-use-the-lxd-proxy-device-to-map-ports-between-the-host-and-the-containers/

Using the LXD Kali container image

If you have a look at the list of container images for LXD (repository images:), you will notice the recent addition of the Kali container images. These were added by Re4son (@kali.org). But Kali is a security distribution, does it make sense to create system containers with Kali? LXD offers system containers, which are similar …

Continue reading

Permanent link to this article: https://blog.simos.info/using-the-lxd-kali-container-image/

How to know when a LXD container has finished starting up

You have just run lxc launch ubuntu:18.04 mycontainer and a new container is being created. The command returns very quickly (around 1-2s) and the container image starts running. The container image may take a few more seconds to complete, so that the init performs all the required tasks. The problem The question is, how do …

Continue reading

Permanent link to this article: https://blog.simos.info/how-to-know-when-a-lxd-container-has-finished-starting-up/

Reconnecting your LXD installation to the ZFS storage pool

You are using LXD and you are creating many containers. Those containers are stored in a dedicated ZFS pool, and LXD is managing this ZFS pool exclusively. But disaster strucks, and LXD loses its database and forgets about your containers. Your data is there in the ZFS pool, but LXD has forgotten them because its …

Continue reading

Permanent link to this article: https://blog.simos.info/reconnecting-your-lxd-installation-to-the-zfs-storage-pool/