This repository has been archived by the owner on Apr 25, 2023. It is now read-only.
suggesting --security-opt seccomp:unconfined is irresponsible #220
Comments
|
Container escapes are a dime a dozen anyway. It should not be used as a blast door for running untrusted or insecure software. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Here it is recommended to disable docker seccomp in order to run athenapdf.
According to https://docs.docker.com/engine/security/seccomp/,
name_to_handle_atsyscall has a good reason to be blocked, that is - Cause of an old container breakoutRather than suggest users to allow historic vulnerabilities, it makes sense to instead refactor not to use the
name_to_handle_atsyscall.libudev is the culprit here, I'm not sure where that dependency is pulled in.
The text was updated successfully, but these errors were encountered: