Container Breakout Proof-of-Concept
Fri, 20 Jun 2014 22:01:46 +0200
Oh serious?!? A root user with access to the host kernel can do bad things? I am shocked!
Docker Container Breakout Proof-of-Concept Exploit | Docker Blog
At Docker we take security very seriously and try to be as transparent as possible. This morning proof of concept exploit code was published showing how to break out of a Docker Engine 0.11 container. The proof of concept exploit relies on a kernel capability that allows a process to open any file in the host based on its inode. On most systems, th...
That experience makes me think these things are sometimes better documented in the commit notes and changelogs than in blogs, unless they're really a serious issue on properly configured servers.