We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
It was found that AppArmor, and potentially SELinux, can be bypassed when /proc inside the container is symlinked with a specific mount configuration.
/proc
Fixed in runc v1.1.5, by prohibiting symlinked /proc: #3785
This PR fixes CVE-2023-27561 as well.
Avoid using an untrusted container image.
ssst0n3 Reporter
Impact
It was found that AppArmor, and potentially SELinux, can be bypassed when
/procinside the container is symlinked with a specific mount configuration.Patches
Fixed in runc v1.1.5, by prohibiting symlinked
/proc: #3785This PR fixes CVE-2023-27561 as well.
Workarounds
Avoid using an untrusted container image.