mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-10-31 23:06:04 +00:00
720fb219ce
On 4.9.x and 4.14.x kernels ebpf verifier bugs allow ebpf programs to access (read/write) random memory. Setting kernel.unprivileged_bpf_disabled=1 mitigates this somewhat until it is fixed upstream. See: - https://lwn.net/Articles/742170 - https://lwn.net/Articles/742169 Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>