mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-26 14:24:05 -06:00
16 lines
375 B
Markdown
Every pod (and therefore every container) can make syscalls directly to the kernel of the node.
If there are security bugs in the kernel, containers can exploit them directly.
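
Because every container's syscalls reach the node's kernel, a useful check is which containers run with no syscall filter at all. The following is an added example, not part of the original note: it audits pod specs for their effective seccomp profile. Seccomp is brought in here as a mitigation the note does not name, and the manifests are constructed samples.

```python
import json

# Constructed sample manifests (not from the note); field names follow the Kubernetes Pod API.
SAMPLE_PODS = json.loads("""
[
 {"metadata": {"name": "web"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "containers": [{"name": "app"},
                          {"name": "debug",
                           "securityContext": {"seccompProfile": {"type": "Unconfined"}}}]}},
 {"metadata": {"name": "legacy"},
  "spec": {"containers": [{"name": "job"}]}},
 {"metadata": {"name": "agent"},
  "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
           "initContainers": [{"name": "setup"}],
           "containers": [{"name": "node-agent",
                           "securityContext": {"privileged": true}}]}}
]
""")

def effective_seccomp(pod_spec, container):
    """Return the seccomp profile type that applies to one container."""
    csc = container.get("securityContext") or {}
    if csc.get("privileged"):
        # Privileged containers always run without a seccomp filter.
        return "Unconfined"
    psc = pod_spec.get("securityContext") or {}
    # A container-level profile overrides the pod-level one.
    profile = csc.get("seccompProfile") or psc.get("seccompProfile")
    if not profile:
        # Nothing requested: the outcome depends on the node's default,
        # which cannot be seen from the manifest.
        return "unset"
    return profile.get("type", "unset")

def audit(pods):
    """List (pod, container, profile) for containers that request no syscall filter."""
    findings = []
    for pod in pods:
        spec = pod.get("spec", {})
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            profile = effective_seccomp(spec, c)
            if profile in ("Unconfined", "unset"):
                findings.append((pod["metadata"]["name"], c["name"], profile))
    return findings

if __name__ == "__main__":
    for pod, container, profile in audit(SAMPLE_PODS):
        print(f"{pod}/{container}: seccomp {profile}")
```
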
## Links:
[[CKS]]
**from**:: [[CKS Video Course]]
**contributes to**:: [[Container Isolation]]
**related research**:: [[What Have Namespaces Done for You Lately?]]
[[security]]
202403241148