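AppArmor restrictions may be bypassed because mount targets are not properly validated, allowing a malicious image to mount volumes over sensitive paths such as /proc. The AppArmor profile is applied by writing to files under /proc, so a volume mounted there can leave the container running without the intended confinement.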
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0085" }
{ "imports": [ { "symbols": [ "ApplyProfile" ], "path": "github.com/opencontainers/runc/libcontainer/apparmor" }, { "symbols": [ "CloseExecFrom" ], "path": "github.com/opencontainers/runc/libcontainer/utils" } ] }
{ "imports": [ { "symbols": [ "readCon", "writeCon" ], "path": "github.com/opencontainers/selinux/go-selinux" } ] }