AppArmor restrictions may be bypassed due to improper validation of mount targets, allowing a malicious image to mount volumes over e.g. /proc.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0085" }
{ "imports": [ { "path": "github.com/opencontainers/runc/libcontainer/apparmor", "symbols": [ "ApplyProfile" ] }, { "path": "github.com/opencontainers/runc/libcontainer/utils", "symbols": [ "CloseExecFrom" ] } ] }
{ "imports": [ { "path": "github.com/opencontainers/selinux/go-selinux", "symbols": [ "readCon", "writeCon" ] } ] }