Affected by GO-2025-3830 and 5 other vulnerabilities:
* GO-2025-3830: Moby firewalld reload makes published container ports accessible from remote hosts in github.com/docker/docker
* GO-2026-4883: Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
* GO-2026-4887: Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker
* GO-2026-5617: Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker
* GO-2026-5668: Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker
* GO-2026-5746: Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker

Package: github.com/docker/docker/internal/rootless/specconv
Version: v28.3.0+incompatible
Published: Jun 20, 2025
License: Apache-2.0
Imports: 9
Imported by: 0

Documentation

ToRootfulInRootless is used for "rootful-in-rootless" dind;
the daemon is running in UserNS but has no access to RootlessKit API socket, host filesystem, etc.
This function does:
* Fix up OOMScoreAdj (needed since systemd v250: https://github.com/moby/moby/issues/46563)

ToRootless converts spec to be compatible with "rootless" runc.
* Remove non-supported cgroups
* Fix up OOMScoreAdj
* Fix up /proc if --pid=host
* Fix up /dev/shm and /dev/mqueue if --ipc=host

v2Controllers should be non-nil only if running with v2 and systemd.
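
Both functions list "Fix up OOMScoreAdj". The sketch below is an added example, not code from this package: `Process`, `parseOOMScoreAdj` and `fixupOOMScoreAdj` are hypothetical names, and it assumes the fix-up raises a requested score to the daemon's own value, since a daemon confined to a user namespace is generally not permitted to lower it.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Process is a stand-in (assumption) for the OCI spec's process section;
// only the field relevant to this fix-up is modelled.
type Process struct {
	OOMScoreAdj *int
}

// parseOOMScoreAdj parses the text of /proc/<pid>/oom_score_adj.
// The kernel only accepts values in [-1000, 1000].
func parseOOMScoreAdj(raw string) (int, error) {
	v, err := strconv.Atoi(strings.TrimSpace(raw))
	if err != nil {
		return 0, fmt.Errorf("parse oom_score_adj %q: %w", raw, err)
	}
	if v < -1000 || v > 1000 {
		return 0, fmt.Errorf("oom_score_adj %d out of range", v)
	}
	return v, nil
}

// fixupOOMScoreAdj raises a requested score that is lower than the daemon's
// own (assumed behaviour), so the runtime's later write is not rejected.
// It reports whether the spec was changed.
func fixupOOMScoreAdj(p *Process, daemonRaw string) (bool, error) {
	if p == nil || p.OOMScoreAdj == nil {
		return false, nil // nothing requested: the container inherits the daemon's value
	}
	current, err := parseOOMScoreAdj(daemonRaw)
	if err != nil {
		return false, err
	}
	if *p.OOMScoreAdj >= current {
		return false, nil // raising the score needs no privilege
	}
	*p.OOMScoreAdj = current
	return true, nil
}

func main() {
	req := -500 // constructed: container asks for -500
	p := &Process{OOMScoreAdj: &req}
	changed, err := fixupOOMScoreAdj(p, "100\n") // constructed: daemon runs at 100
	fmt.Println(changed, *p.OOMScoreAdj, err)
}
```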