You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
when run under docker, dettrace requires --priviledged flag passed to docker, it would be nice to remove this flag, or a list of functions who depends on --priviledged flag.
The text was updated successfully, but these errors were encountered:
Elsewhere we discussed 8 orthogonal aspects of determinization/sanboxing. Maybe these can be a checklist to ask ourselves "does sandboxing this feature require --priviliged?".
(1) host file system: mount all or part of it (related: optional chroot)
(2) environment variables: add all or part of it
(3) special paths (/proc, /dev, etc)
(4) ASLR
(5) user-namespace
(6) PID namespace
(7) mount namespace -- re: ability to bindmount
(8) network — allow or disallow (or, record in the case of fingerprinter)
when run under docker, dettrace requires
--priviledged
flag passed to docker, it would be nice to remove this flag, or a list of functions who depends on--priviledged
flag.The text was updated successfully, but these errors were encountered: