NoNewPrivileges support in docker #20329
Comments
It should definitely be optional, some people might want to run containers with lower privileges but still allow users to sudo or use setuid apps to raise privileges. I think Ping would be broken by turning this on by default at this point.
@rhatdan Yes, I agree that is the safer option and won't break existing applications.
Would that be a new option to
@thaJeztah That sounds good to me since this is a security setting.
SGTM
This was fixed by #20727 😄
NoNewPrivileges support was added to the OCI spec and is in the process of being added to runc. The purpose of this issue is to discuss options for integrating this into docker. There are two options:
Any thoughts?
@crosbymichael @LK4D4 @rhatdan
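For reference, NoNewPrivileges corresponds to the Linux `no_new_privs` process flag that a runtime sets with `prctl(2)` before starting the container process. The following is an added example, not code from this thread, Docker or runc: it shows the flag's semantics (it can be set unprivileged, cannot be cleared, and is inherited by children), which is why setuid helpers such as sudo or ping stop gaining privileges once it is on. It assumes Linux 3.5 or later; the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn() in a forked child so the irreversible flag never touches the
 * caller. Returns the child's exit status, or -1 on fork/wait failure. */
static int in_child(int (*fn)(void)) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn());
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

/* Read the current value of the flag (0 or 1). */
static int read_flag(void) { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0); }

/* Set the flag, then read it back. 100 means the kernel refused to set it. */
static int set_and_read(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 100;
    return read_flag();
}

/* Set the flag, then try to clear it. Returns 1 when the kernel rejects the
 * attempt with EINVAL and the flag is still set afterwards. */
static int try_clear(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 100;
    int rc = prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return rc == -1 && errno == EINVAL && read_flag() == 1;
}

/* Set the flag, then fork again and read it in the grandchild. */
static int set_then_fork(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 100;
    return in_child(read_flag);
}

int nnp_can_be_set(void)        { return in_child(set_and_read); }
int nnp_cannot_be_cleared(void) { return in_child(try_clear); }
int nnp_is_inherited(void)      { return in_child(set_then_fork); }

int main(void) {
    printf("set=%d one-way=%d inherited=%d\n",
           nnp_can_be_set(), nnp_cannot_be_cleared(), nnp_is_inherited());
    return 0;
}
```

The flag is also preserved across `execve`, so everything started inside a container that has it set runs without setuid, setgid or file-capability elevation.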