by zapita
2525 days ago
> But in a privileged container you could still take away capabilities and/or permissions with an AppArmor profile.

Right, what you want is “privileged except for XYZ”, which is not supported by Docker. That’s a missing feature, which is not the same as a bug. Calling it a security bug is even more misleading.

> Sometimes that happens, sometimes it does not. And when it does not, you have no way of knowing.

Right, it should fail every time. That is a bug. But it’s not a security bug, and fixing that bug won’t give you the feature you want, it will just make it clearer that the feature is not supported.