firecracker-microvm/firecracker
在 GitHub 查看Investigate running the jailer with reduced set of capabilities
Open
#1,190 建立於 2019年7月22日
Good first issuePriority: LowStatus: ParkedType: Enhancement
倉庫指標
- Star
- (34,348 star)
- PR 合併指標
- (平均合併 3天 17小時) (30 天內合併 67 個 PR)
描述
We currently start the jailer as the superuser (i.e. using sudo), and rely on the fact the process will deprivilege itself before exec-ing into Firecracker. It would be interesting to know if we can run the jailer using a more restricted set of capabilities instead of full superuser mode.