Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pkg/sysctl: Prevent ebpf privilege escalation
On 4.9.x and 4.14.x kernels ebpf verifier bugs allow ebpf programs to access (read/write) random memory. Setting kernel.unprivileged_bpf_disabled=1 mitigates this somewhat until it is fixed upstream. See: - https://lwn.net/Articles/742170 - https://lwn.net/Articles/742169 Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
- Loading branch information