by cpuguy83
1539 days ago
Except the default seccomp policy is not used for Kubernetes containers. I didn't really think about this vector where you CLONE_NEWUSER in a container... definitely on systems that allow unprivileged users to do this it is a problem.