GO-2022-0452
and 6 other vulnerabilities
GO-2022-0452 : Default inheritable capabilities for linux container should be empty in github.com/opencontainers/runc
GO-2023-1627 : Opencontainers runc Incorrect Authorization vulnerability in github.com/opencontainers/runc
GO-2023-1682 : Rootless: /sys/fs/cgroup is writable when cgroupns isn't unshared in github.com/opencontainers/runc
GO-2023-1683 : AppArmor bypass with symlinked /proc in github.com/opencontainers/runc
GO-2024-3110 : Can be confused to create empty files/directories on the host in github.com/opencontainers/runc
GO-2025-3543 : WITHDRAWN: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc
GO-2025-4098 : Container escape and DDoS due to arbitrary write gadgets and procfs write redirects in github.com/opencontainers/runc
Discover Packages
github.com/opencontainers/runc
libcontainer
capabilities
package
Version:
v1.0.2
Opens a new window with list of versions in this module.
Published: Aug 20, 2021
License: Apache-2.0
Opens a new window with license information.
Imports: 5
Opens a new window with list of imports.
Imported by: 3
Opens a new window with list of known importers.
Documentation
¶
Rendered for
linux/amd64
windows/amd64
darwin/amd64
js/wasm
Caps holds the capabilities for a container.
New creates a new Caps from the given Capabilities config. Unknown Capabilities
or Capabilities that are unavailable in the current environment are ignored,
printing a warning instead.
ApplyBoundingSet sets the capability bounding set to those specified in the whitelist.
Apply sets all the capabilities for the current process in the config.
¶
Click to show internal directories.
Click to hide internal directories.
Affected by 
Documentation
¶
Source Files