Hertz: Abusing privileged and unprivileged Linux containers

Posted Jun 4, 2016 5:27 UTC (Sat) by khz (guest, #109129)
In reply to: Hertz: Abusing privileged and unprivileged Linux containers by jwildebo
Parent article: Hertz: Abusing privileged and unprivileged Linux containers

hey, author here. yes, I did *totally* ignore the hard work being done on SELinux + non-ubuntu/debian based systems. this is nothing against those systems (or for them). in my time as a penetration tester working on container systems, almost every single one I have evaluated was either LXC or Docker, using a debian/ubuntu base OS, with AppArmor used as the LSM. this paper was very much intended to be 'stories from the trenches', so it represents what I've encountered, and how they can often be insecure by default (or in somewhat subtle ways).

if you know of anyone using RHES / SELinux based containers, feel free to send em my way. I know me and aaron would love to audit them :)

