Affected by GO-2022-0396 and 7 other vulnerabilities
GO-2022-0396: Devices resource list treated as a blacklist by default in github.com/opencontainers/runc
GO-2022-0452: Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc
GO-2022-0914: Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc
GO-2023-1682: Rootless: /sys/fs/cgroup is writable when cgroupns isn't unshared in github.com/opencontainers/runc
GO-2023-1683: AppArmor bypass with symlinked /proc in github.com/opencontainers/runc
GO-2024-3110: Can be confused to create empty files/directories on the host in github.com/opencontainers/runc
GO-2025-3543: WITHDRAWN: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc
GO-2025-4098: Container escape and DDoS due to arbitrary write gadgets and procfs write redirects in github.com/opencontainers/runc
Package: github.com/opencontainers/runc/libcontainer/specconv
Version: v1.0.0-rc5
Published: Feb 27, 2018
License: Apache-2.0
Imports: 9
Imported by: 166
Documentation
Package specconv implements conversion of specifications to libcontainer configurations.
CreateLibcontainerConfig creates a new libcontainer configuration from a given specification and a cgroup name.
Example returns an example spec file, with many options set so a user can see what a standard spec file looks like.
ToRootless converts the given spec file into one that should work with rootless containers, by removing incompatible options and adding others that are needed.