24-28 August 2020
US/Pacific timezone

What's Left After openat2?

24 Aug 2020, 07:05
Microconference1/Virtual-Room (LPC 2020)


LPC 2020

Containers and Checkpoint/Restore MC Containers and Checkpoint/Restore MC


Mr Aleksa Sarai (SUSE LLC)


openat2 landed in Linux 5.6, but unfortunately (though it does make it easier to implement safer container runtimes) there are still quite a few remaining tricks that attackers can use to attack container runtimes. This talk will give a quick overview of the remaining issues, some proposals for how we might fix them, and how libpathrs will make use of them. In addition, a brief update on libpathrs will be given.

Examples of attacks include:

  • Fake /proc mounts.
  • Bind-mounting on top of magic-links (such as /proc/$pid/attr/exec).
I agree to abide by the anti-harassment policy I agree

Primary author

Mr Aleksa Sarai (SUSE LLC)

Presentation Materials