Aug 24 – 28, 2020
US/Pacific timezone

What's Left After openat2?

Aug 24, 2020, 7:05 AM
Microconference1/Virtual-Room (LPC Virtual)


Containers and Checkpoint/Restore MC


Mr Aleksa Sarai (SUSE LLC)


openat2 landed in Linux 5.6. Although it makes it easier to implement safer container runtimes, there are unfortunately still quite a few tricks that attackers can use against container runtimes. This talk will give a quick overview of the remaining issues, some proposals for how we might fix them, and how libpathrs will make use of them. In addition, a brief update on libpathrs will be given.

Examples of attacks include:

  • Fake /proc mounts.
  • Bind-mounting on top of magic-links (such as /proc/$pid/attr/exec).

Primary author

Mr Aleksa Sarai (SUSE LLC)
