canonical / lxd

Powerful system container and virtual machine manager
https://canonical.com/lxd
GNU Affero General Public License v3.0

The command fork bomb :(){ :|:& };: inside a container. #13927

Closed: imba-pericia closed this issue 2 months ago

imba-pericia commented 2 months ago

I don't know if this is normal or not... But, after entering the command :(){ :|:& };: inside the container, the result spread to the host. In the video, at the beginning, the two right windows are the LXC container, and the left one is the host.

Required information

security.privileged: "true"

https://github.com/user-attachments/assets/6fad060c-02c2-4a2f-afc9-b643e53cf297

markylaing commented 2 months ago

security.privileged does not provide any security. It is important to set limits (limits.cpu/limits.memory) on containers to prevent them from consuming too much memory.
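An added example, not part of the thread or of LXD's own code: a shell check that reads `lxc config show <instance>` output and reports the settings discussed above. It also checks `limits.processes`, LXD's per-container process cap, which the comments do not mention; the instance name `c1`, the sample config and all values are constructed.

```shell
#!/bin/sh
# Audit `lxc config show <instance>` output (read from stdin) for the settings
# discussed in this thread. Prints one finding per line, nothing if clean.
audit_lxd_config() {
    awk '
        BEGIN {
            n = split("limits.cpu limits.memory limits.processes", lim, " ")
            for (i = 1; i <= n; i++) want[lim[i]] = 1
            want["security.privileged"] = 1
        }
        {
            # Lines look like:   security.privileged: "true"
            key = $1
            if (NF >= 2 && sub(/:$/, "", key) && (key in want)) {
                val = $2
                gsub(/"/, "", val)      # YAML may quote the value
                seen[key] = val
            }
        }
        END {
            if (seen["security.privileged"] == "true")
                print "WARN security.privileged=true"
            for (i = 1; i <= n; i++)
                if (!(lim[i] in seen))
                    print "MISSING " lim[i]
        }
    '
}

# Constructed sample resembling `lxc config show c1` for a container that is
# privileged and has only a memory limit set.
sample_config() {
    cat <<'EOF'
architecture: x86_64
config:
  limits.memory: 2GiB
  security.privileged: "true"
devices: {}
EOF
}

sample_config | audit_lxd_config

# On a real host (hypothetical instance c1, constructed values):
#   lxc config show c1 | audit_lxd_config
#   lxc config set c1 limits.cpu 2
#   lxc config set c1 limits.memory 2GiB
#   lxc config set c1 limits.processes 500
```

The check reads only the instance's local config, so limits inherited from a profile need `lxc config show --expanded` as input.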