The recently announced container-confinement breakout for containers started with runc is interesting from a few different perspectives. For one, it affects more than just runc-based containers: privileged LXC-based containers (and likely others) are also affected, though the LXC-based variety is harder to compromise than the runc ones. But it also, once again, shows that privileged containers are difficult, perhaps impossible, to create in a secure manner. Beyond that, it exploits some Linux kernel interfaces in novel ways, and the fixes use a perhaps lesser-known system call that was added to Linux less than five years back.