-
## Bug Report
**General Information**
- Environment description: k3s
- Kernel version (run `uname -a`):
```
Linux thunderbird 6.9.1-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 17 May 2024 16:56:38 +0…
-
When I use linux-hardened on arch linux, the following error gets logged: `Mar 01 08:12:46 linux systemd[1]: bpf-lsm: Failed to load BPF object: No such process`
Searching the logs for "bpf", I see:
…
jm355 updated
3 months ago
-
Hi Günther!
Could you please add a function which converts allowedAccess strings like `{"execute", "writefile", ...}` into an `AccessFSSet` (uint64).
There is already func (a AccessFSSet) String() string {....…
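One way the requested conversion could look, written here as an added, self-contained example and not go-landlock's own code: the `AccessFSSet` type, the bit values (taken from the kernel's `include/uapi/linux/landlock.h`) and the lower-case, underscore-separated names mirroring the `String()` output are all assumptions made so the block runs without importing the project. The parser rejects unknown names instead of ignoring them, because a silently dropped right changes what the sandbox allows.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// AccessFSSet stands in for the go-landlock type of the same name: a bit set
// of LANDLOCK_ACCESS_FS_* flags. Bit values are assumed to match the kernel's
// include/uapi/linux/landlock.h; check them against your kernel headers.
type AccessFSSet uint64

const (
	AccessFSExecute    AccessFSSet = 1 << 0
	AccessFSWriteFile  AccessFSSet = 1 << 1
	AccessFSReadFile   AccessFSSet = 1 << 2
	AccessFSReadDir    AccessFSSet = 1 << 3
	AccessFSRemoveDir  AccessFSSet = 1 << 4
	AccessFSRemoveFile AccessFSSet = 1 << 5
	AccessFSMakeChar   AccessFSSet = 1 << 6
	AccessFSMakeDir    AccessFSSet = 1 << 7
	AccessFSMakeReg    AccessFSSet = 1 << 8
	AccessFSMakeSock   AccessFSSet = 1 << 9
	AccessFSMakeFifo   AccessFSSet = 1 << 10
	AccessFSMakeBlock  AccessFSSet = 1 << 11
	AccessFSMakeSym    AccessFSSet = 1 << 12
	AccessFSRefer      AccessFSSet = 1 << 13
	AccessFSTruncate   AccessFSSet = 1 << 14
	AccessFSIoctlDev   AccessFSSet = 1 << 15
)

// accessFSNames maps bit index to the name used by String(). The naming is an
// assumption modelled on go-landlock's String() output; adjust if it differs.
var accessFSNames = [...]string{
	"execute", "write_file", "read_file", "read_dir",
	"remove_dir", "remove_file", "make_char", "make_dir",
	"make_reg", "make_sock", "make_fifo", "make_block",
	"make_sym", "refer", "truncate", "ioctl_dev",
}

// nameToBit is the inverse table, built once from accessFSNames.
var nameToBit = func() map[string]AccessFSSet {
	m := make(map[string]AccessFSSet, len(accessFSNames))
	for i, n := range accessFSNames {
		m[n] = 1 << uint(i)
	}
	return m
}()

// String renders the set as {name,name,...}, or "∅" when empty. Bits beyond
// the known names (e.g. from a newer kernel) are printed in hex, not dropped.
func (a AccessFSSet) String() string {
	if a == 0 {
		return "∅"
	}
	var parts []string
	for i, n := range accessFSNames {
		if a&(1<<uint(i)) != 0 {
			parts = append(parts, n)
		}
	}
	knownMask := AccessFSSet(1)<<uint(len(accessFSNames)) - 1
	if extra := a &^ knownMask; extra != 0 {
		parts = append(parts, fmt.Sprintf("0x%x", uint64(extra)))
	}
	return "{" + strings.Join(parts, ",") + "}"
}

// ParseAccessFSSet converts a list of access-right names into an AccessFSSet.
// Names are trimmed and case-folded; any unknown name makes the whole call
// fail, so a typo cannot silently widen or narrow the resulting ruleset.
func ParseAccessFSSet(names []string) (AccessFSSet, error) {
	var set AccessFSSet
	var unknown []string
	for _, raw := range names {
		n := strings.ToLower(strings.TrimSpace(raw))
		if n == "" {
			continue
		}
		bit, ok := nameToBit[n]
		if !ok {
			unknown = append(unknown, n)
			continue
		}
		set |= bit
	}
	if len(unknown) > 0 {
		sort.Strings(unknown)
		return 0, fmt.Errorf("unknown landlock access right(s): %s", strings.Join(unknown, ", "))
	}
	return set, nil
}

// ParseAccessFSSetString accepts the String() form ("{execute,read_file}")
// or a bare comma-separated list, so String() and parsing round-trip.
func ParseAccessFSSetString(s string) (AccessFSSet, error) {
	s = strings.TrimSpace(s)
	if s == "∅" || s == "{}" {
		return 0, nil
	}
	s = strings.TrimSuffix(strings.TrimPrefix(s, "{"), "}")
	return ParseAccessFSSet(strings.Split(s, ","))
}

func main() {
	set, err := ParseAccessFSSet([]string{"execute", "write_file", "read_file"})
	if err != nil {
		panic(err)
	}
	fmt.Println(set, uint64(set))
	back, _ := ParseAccessFSSetString(set.String())
	fmt.Println(back == set)
	_, err = ParseAccessFSSet([]string{"execute", "writefile"})
	fmt.Println(err)
}
```

Returning an error for unknown names is the deliberate choice here: a configuration file that says `"writefile"` when the right is called `write_file` should fail loudly at parse time rather than produce a ruleset that differs from what the author believed they wrote.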
-
A sandboxed process is currently not restricted to send [signals](https://man7.org/linux/man-pages/man7/signal.7.html) (e.g. `SIGKILL`) to processes outside the sandbox. A simple way to control that w…
l0kod updated
3 months ago
-
Jason has noted that sometimes runs don't exit when they should. I (Taylor) have spotted a reproducible case of this. When running with NWS=12 (OWI), if a fort.22? file is missing, the run complains…
-
TTY IOCTL commands such as `TIOCSTI` and `TIOCLINUX` have been abused for a few decades:
* https://isopenbsdsecu.re/mitigations/tiocsti/
* https://jdebp.uk/FGA/TIOCSTI-is-a-kernel-problem.html
T…
l0kod updated
3 weeks ago
-
System V message queues are acquired with msgget(2).
The key for acquiring these is in a system-global namespace,
so it seems that we might want to restrict their use somehow,
even when they are ra…
-
If a malicious image is specified in `FROM` accidentally (e.g. due to a typo), the attacker can easily steal GCP credential via `/secret`.
To prevent such attacks, how about isolating `RUN` instruc…
-
### Is there an existing issue?
- [X] I have searched the existing issues
### Experiencing problems? Have you tried our Stack Exchange first?
- [X] This is not a support question.
### Desc…
-
Controlling system calls isn't as simple as filtering them on syscall identity, but identity is the first criterion we filter on. I've gone through x86_64 syscalls and categorized them on the basis of…