The ultimate container nightmare is here: A security hole that can be used to escape from a container and be used to attack the host system.
- The question I have is how long do we think it's existed and how fast can we get patches?
I'm hoping they're both short periods of time.
- It's been in there pretty much all along. The patches are being pushed out now.
- I have always wondered about why SELinux wasn't the default way to run public Linux. Frankly, it is a toxic combo of sysadmin laziness + vendor unwillingness to properly compose their packages for SELinux usability.
- I like SELinux, but as I've written, its mandatory access control (MAC) is fundamentally different than Linux's default discretionary access control (DAC) security model.
- Isn't the fix just one chattr +i away?
- Well, yes, all true - and I think for public facing Linux that is a learning curve worth climbing.
- Damn, well it's getting patched, so I got that going for me