[$] A container-confinement breakout
Wednesday 6 March 2019, 17:24, by LWN.net
The recently announced container-confinement breakout for containers started with runc is interesting from a few different perspectives. For one, it affects more than just runc-based containers, as privileged LXC-based containers (and likely others) are also affected, though the LXC-based variety are harder to compromise than the runc ones. But it also, once again, shows that privileged containers are difficult—perhaps impossible—to create in a secure manner. Beyond that, it exploits some Linux kernel interfaces in novel ways and the fixes use a perhaps lesser-known system call that was added to Linux less than five years back.
https://lwn.net/Articles/781013/rss