From 8a16f2b652c87594b8f195cb4c0de0b962b73ed2 Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Sun, 18 Oct 2020 17:12:39 +0200
Subject: targets: add more docs

---
 lbup/targets.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lbup/targets.py b/lbup/targets.py
index 2b4908f..e7e161e 100644
--- a/lbup/targets.py
+++ b/lbup/targets.py
@@ -207,6 +207,7 @@ class TargetSSHLVM(TargetSSH):
     This target backs up a remote host using LVM snapshots.
 
     All the dirs backed up must be on same LV.
+    Requires root login on the system.
     """
     _snapshot_size = None
 
@@ -367,6 +368,11 @@ class TargetSSHLXCLVM(TargetSSHLVM):
 
     :param SSHRemote parent_remote:
     """
+    # The container is treated as untrusted, so all code here needs to be
+    # careful to avoid giving it access to anything it would not have otherwise.
+    # Specifically, any information obtained by running binaries in the
+    # container should be assumed to have been potentially maliciously
+    # manipulated. No binaries from the container should be run as the (host) root.
     _parent_remote     = None
     _lxc_username      = None
     _lxc_containername = None
-- 
cgit v1.2.3