Re: Escape from a bind mount

2016-09-22 15:02 GMT+02:00 Jann Horn <jann@xxxxxxxxx>:
> This was fixed by Eric Biederman in the "Bind mount escape fixes" patch series
> in August 2015.
> Relevant commits are 397d425d and cde93be4 (maybe more? I'm not sure).

So, now it is not possible to escape from bind? There was a reference to
this in the official Docker docs.

Just for my info: to escape from the container, an attacker would have
to move the bound directory directly from the host? Having access only
to the container wouldn't make this issue happen?
For example, if I have bound as follows:
   /mnt/dir1 => /home/myuser/path_inside_container

moving (from the host) /mnt/dir1 to somewhere else like /tmp/dir1 will
make the container able to escape?
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers


