Affected by GO-2022-0452 and 4 other vulnerabilities
GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc
GO-2022-0914: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc
GO-2023-1682: rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc in github.com/opencontainers/runc
GO-2023-1683: runc AppArmor bypass with symlinked /proc in github.com/opencontainers/runc
GO-2024-3110: runc can be confused to create empty files/directories on the host in github.com/opencontainers/runc
package
Version: v1.0.0-rc93
Published: Feb 3, 2021
License: Apache-2.0
Imports: 4
Imported by: 2
Documentation
Caps holds the capabilities for a container.
New creates a new Caps from the given Capabilities config.
ApplyBoundingSet sets the capability bounding set to those specified in the whitelist.
Apply sets all the capabilities for the current process in the config.