search

datasci-osu / dsosuk8s

DataScience@OregonState
2 stars 1 forks source link

check on SYS_ADMIN capability security #9

Open oneilsh opened 4 years ago

oneilsh commented 4 years ago

Apparently this is dangerous, though in my (brief) testing it didn't work, maybe it's been patched: https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/

oneilsh commented 4 years ago

I couldn't find a way to break out, but not requiring priviledge would someday be cool (fuse? could then do something like EFS...)