Hi,
I'm one of the engineers working on container runtimes at Modal and am currently investigating the usage of Docker inside gVisor. We saw that giving CAP_SYS_ADMIN and CAP_SYS_NET to the sandbox is required for it to work and wanted to ask a few questions about the security implications of doing so:
Cheers,
Ryan