Posts for: #containers

A deep dive into a powerful local privilege escalation exploit that abuses Linux's cryptographic sockets and the page cache. We explore how it works, why it gives passwordless root access, and how container runtimes stop it.

Running systemd inside a container is considered bad practice. I did it anyway, on purpose, for end-to-end testing. Here's why blindly following best practices can be worse than thoughtfully breaking them.