Debian TC vote on init system coupling
Posted Feb 28, 2014 22:24 UTC (Fri) by fandingo (guest, #67019)
In reply to: Debian TC vote on init system coupling by javispedro
Parent article: Debian TC vote on init system coupling
I'm still looking for a concrete example of a service process escaping cgroups when using the systemd single-writer that lives in PID 1. The only thing I can come up with is a full kernel exploit, and that breaks everything. Even khim's worst-case scenario of root with unconfined_t can't escape other processes from service cgroups. The manager will not allow it, and there's no way to replace the manager.
Posted Feb 28, 2014 22:35 UTC (Fri)
by mjg59 (subscriber, #23239)
