kolla

History

Radosław Piliszek 2daf4331a6 Fix writable rootwrap/privsep config Fixes a hypothetical security issue related to privilege escalation via rootwrap/privsep. A potential vulnerable service could previously allow writes to its rootwrap/privsep config and thus allow for more commands to be run with root privileges via rootwrap/privsep. For a succesful attack, this would also require the service to allow to run arbitrary commands via rootwrap/privsep. Thus far, no such vulnerabilities have been reported and thus this fix is simply strengthening the container images against such an issue in the future. Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a Closes-Bug: #1874298	2022-10-10 15:06:05 +00:00
..
placement-api	docker: drop binary parts	2022-04-09 17:44:26 +02:00
placement-base	Fix writable rootwrap/privsep config	2022-10-10 15:06:05 +00:00

Radosław Piliszek 2daf4331a6 Fix writable rootwrap/privsep config

Fixes a hypothetical security issue related to privilege escalation via
rootwrap/privsep. A potential vulnerable service could previously allow
writes to its rootwrap/privsep config and thus allow for more commands
to be run with root privileges via rootwrap/privsep. For a succesful
attack, this would also require the service to allow to run arbitrary
commands via rootwrap/privsep. Thus far, no such vulnerabilities have
been reported and thus this fix is simply strengthening the container
images against such an issue in the future.

Change-Id: I92c81c77e6a16570a108cde8031f7977930fb02a
Closes-Bug: #1874298

2022-10-10 15:06:05 +00:00

placement-api

docker: drop binary parts

2022-04-09 17:44:26 +02:00

placement-base

Fix writable rootwrap/privsep config

2022-10-10 15:06:05 +00:00