Navigation
Search
|
[$] A container-confinement breakout
Wednesday March 6, 2019. 05:24 PM , from LWN.net
The recently announced
container-confinement breakout for containers started with runc is interesting from a few different perspectives. For one, it affects more than just runc-based containers as privileged LXC-based containers (and likely others) are also affected, though the LXC-based variety are harder to compromise than the runc ones. But it also, once again, shows that privileged containers are difficult—perhaps impossible—to create in a secure manner. Beyond that, it exploits some Linux kernel interfaces in novel ways and the fixes use a perhaps lesser-known system call that was added to Linux less than five years back.
https://lwn.net/Articles/781013/rss
|
25 sources
Current Date
Apr, Fri 26 - 23:34 CEST
|