Security issues with cgroup device access in privileged container
I’m currently working on a project where I need to edit a runc configuration to stop allowing for wildcard cgroup device access inside the container, or essentially writing below to devices.allow. This is apparently due to some potential s…