Hacker News
by arno1 2687 days ago
Thank you @brauner for writing this blogpost!

IIUC, using Docker's userns-remap would protect against this CVE by making the containers run unprivileged (container's id 0 != host's id 0) and should generally be the industry's best practice.
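
One way to verify the condition the comment describes (container's id 0 != host's id 0), as an added example that is not part of the original comment: it parses the kernel's `/proc/<pid>/uid_map` format and resolves where id 0 inside the namespace lands outside it. The function names and the sample maps are constructed for illustration, and the file is assumed to be read from the host's initial user namespace.

```python
"""Check whether uid 0 inside a process's user namespace is uid 0 on the host."""
from pathlib import Path
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first id as seen inside the namespace
    outside: int  # first id as seen by the reader (host, by assumption)
    length: int   # number of consecutive ids covered


def parse_id_map(text: str) -> List[Extent]:
    """Parse uid_map/gid_map content: one 'inside outside length' triple per line."""
    extents = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0:
            raise ValueError(f"line {lineno}: length must be positive")
        extents.append(Extent(inside, outside, length))
    return extents


def map_to_host(extents: List[Extent], inside_id: int) -> Optional[int]:
    """Translate an id from inside the namespace; None means it is unmapped."""
    for e in extents:
        if e.inside <= inside_id < e.inside + e.length:
            return e.outside + (inside_id - e.inside)
    return None


def root_is_remapped(extents: List[Extent]) -> bool:
    """True when id 0 inside the namespace does not resolve to id 0 outside."""
    return map_to_host(extents, 0) != 0


def check_pid(pid: int) -> bool:
    """Run the check against a live process (Linux only)."""
    return root_is_remapped(parse_id_map(Path(f"/proc/{pid}/uid_map").read_text()))


# Constructed samples: an identity map, and a map shifted to a subordinate range.
IDENTITY_MAP = "         0          0 4294967295\n"
REMAPPED_MAP = "         0     100000      65536\n"

if __name__ == "__main__":
    for name, sample in (("identity", IDENTITY_MAP), ("remapped", REMAPPED_MAP)):
        print(name, "root remapped:", root_is_remapped(parse_id_map(sample)))
```

On a host, `check_pid` would be given the PID of a container's init process; a `False` result means that process's id 0 is the host's id 0.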