Hacker News new | ask | show | jobs
by lbradstreet 4145 days ago
I assume you mean data outside the container?

Maybe you could at least silo the utility that needs to delete so that it can easily be inspected and so you don't have to trust the whole program.
1 comments
richo 4145 days ago
Exactly. A setuid `delort-container` utility would be a good start.
link