mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
1e64264697
mqueue can not be mounted on the host os and then shared into the container.
There is only one mqueue per mount namespace, so current code ends up leaking
the /dev/mqueue from the host into ALL containers. Since SELinux changes the
label of the mqueue, only the last container is able to use the mqueue, all
other containers will get a permission denied. If you don't have SELinux protections
sharing of the /dev/mqueue allows one container to interact in potentially hostile
ways with other containers.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| execdrivers | ||
| native | ||
| windows | ||
| driver.go | ||
| driver_unix.go | ||
| driver_windows.go | ||
| pipes.go | ||
| termconsole.go | ||
| utils_unix.go | ||