Naked Container: A container run without the default AppArmor, default Seccomp, or SELinux. Naked Containers make me sad.
and apart from resource limits, is there anything you wouldn't be able to secure without seccomp/LSMs?
-
-
Writing to specific areas of proc and sys, blocking cloning new userns inside the container blocking ptrace
-
but with namespaces that don't have GLOBAL_ROOT_UID mapped, /proc, /sys and ptrace() are harmless, right?
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.