Naked Container: A container run without the default AppArmor, default Seccomp, or SELinux. Naked Containers make me sad.
but with namespaces that don't have GLOBAL_ROOT_UID mapped, /proc, /sys and ptrace() are harmless, right?
depends what kernel you are on, ptrace was not exactly harmless until the recent improvements a few months ago were merged
but only if you're relying on seccomp