by staticassertion
82 days ago
They're suggesting that the attacker is in a position to `docker run`. Any attacker in that position has privesc to root, trivially. Rootless mode requires unprivileged user namespaces, disabled on almost any distribution because it's a huge security hole in and of itself.