Eric's patch which Stéphane mentioned fixes the ptrace attack vector for me. The userspace part of stealing the /proc fd referring to /proc on the host is hopefully fixed by my patch.
Eric's patch which Stéphane mentioned fixes the ptrace attack vector for me. The userspace part of stealing the /proc fd referring to /proc on the host is hopefully fixed by my patch.