NoNewPrivileges support was added to the OCI spec and is in the process of being added to runc. The purpose of this issue is to discuss options for integrating this into docker. There are two options:
- Add a flag to enable this setting optionally.
- Enable this setting by default for all containers.
Any thoughts?
@crosbymichael @LK4D4 @rhatdan
NoNewPrivileges support was added to the OCI spec and is in the process of being added to runc. The purpose of this issue is to discuss options for integrating this into docker. There are two options:
Any thoughts?
@crosbymichael @LK4D4 @rhatdan