Commit
container: bubblewrap runner: use --new-session to mitigate CVE-2017-5226

Without it, it is possible to escape the sandbox via TIOCSTI ioctls on the session PTY.

Related: containers/bubblewrap#555
Related: containers/bubblewrap#142
Related: https://news.ycombinator.com/item?id=30825088

Signed-off-by: Ariadne Conill <ariadne@dereferenced.org>
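What `--new-session` changes for the sandboxed process, as an added C example that is not part of this commit or of bubblewrap: the flag makes bubblewrap call `setsid()`, and a process in a new session has no controlling terminal, which is the condition under which the kernel refuses TIOCSTI from a caller without CAP_SYS_ADMIN. `probe_child` is a hypothetical helper name; the program only inspects session state and issues no terminal ioctls.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child, optionally move it into a new session (what bwrap's
 * --new-session does via setsid()), and report its session state.
 * Return value is a bitmask, or -1 on error:
 *   bit 0 (1): child is still in the parent's session
 *   bit 1 (2): child can open /dev/tty, i.e. it has a controlling terminal */
static int probe_child(int new_session)
{
    pid_t parent_sid = getsid(0);
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        int bits = 0;
        /* A freshly forked child is never a process group leader,
         * so setsid() is expected to succeed here. */
        if (new_session && setsid() == (pid_t)-1)
            _exit(127);
        if (getsid(0) == parent_sid)
            bits |= 1;
        /* /dev/tty resolves to the caller's controlling terminal;
         * opening it fails when the session has none. */
        int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
        if (fd >= 0) {
            bits |= 2;
            close(fd);
        }
        _exit(bits);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("inherited session: mask=%d\n", probe_child(0));
    printf("new session:       mask=%d\n", probe_child(1));
    return 0;
}
```

Run from an interactive shell, the inherited-session child reports both bits set, while the new-session child reports neither, even though its standard file descriptors still point at the same PTY.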