[$] Another runc container breakout

Post Syndicated from jzb original https://lwn.net/Articles/961086/

Once again, runc—a tool for spawning and running OCI containers—is drawing
attention due to a high-severity container breakout attack. This
vulnerability is interesting for several reasons: its potential for
widespread impact, the continued difficulty in actually containing
containers, the dangers of running containers as a privileged user, and the
fact that this vulnerability is made possible in part by a response to a
previous container breakout flaw in runc.