This repository has been archived by the owner on Jun 27, 2018. It is now read-only.
Use Docker's system call whitelisting features #255
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Docker supports system call whitelisting. This is necessary to protect the kernel from local privilege escalation exploits. This was a major feature of playpen.
The text was updated successfully, but these errors were encountered: