by encryptluks2
1835 days ago
Almost all container breakout concerns rely on running containers as a privileged user: https://stackoverflow.com/questions/53024790/kubernetes-supp...

There is an issue that I've been tracking, and there has been a new PR that will hopefully land soon to implement this in Kubernetes in a simplified manner: https://github.com/kubernetes/enhancements/issues/127

As for whether security policies prevent breakouts, it really depends on what the exploit is, but they can significantly help. The idea of user namespace remapping solves a secondary issue, though: if there is a breakout, what user privileges will they have?
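A pod spec that puts both points of the comment above into practice, added here as an example and not taken from the comment, the linked thread or the KEP itself: the container is refused root and every extra privilege the runtime would otherwise hand it, and the pod is placed in its own user namespace with the `hostUsers: false` field that KEP-127 introduced (that field needs the `UserNamespacesSupport` feature gate on the cluster and a container runtime that supports user namespaces; the pod name, image and UID/GID values below are assumptions).

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: userns-demo                     # assumed name
spec:
  # KEP-127 (kubernetes/enhancements#127): run the pod in a user namespace.
  # UID 0 inside the container maps to an unprivileged host UID, so a
  # breakout does not arrive on the host as root. Requires the
  # UserNamespacesSupport feature gate and a runtime that implements it.
  hostUsers: false
  securityContext:
    runAsNonRoot: true                  # kubelet refuses to start a UID 0 image
    runAsUser: 10001                    # assumed UID; match what the image expects
    runAsGroup: 10001                   # assumed GID
    seccompProfile:
      type: RuntimeDefault              # runtime's default syscall allowlist
  containers:
  - name: app
    image: example.com/app:1.0          # assumed image
    securityContext:
      privileged: false                 # the setting most breakouts depend on
      allowPrivilegeEscalation: false   # no gains via setuid or file capabilities
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]                   # add back individual caps only if needed
```

The two layers are independent: the `securityContext` settings reduce what an attacker can do before a breakout, while `hostUsers: false` decides which host identity they hold afterwards. On a cluster where the feature gate is off, the `hostUsers` field is ignored and the container's UID 0 would still be the host's UID 0, which is why `runAsNonRoot` is kept even when user namespaces are requested.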