Diffstat (limited to 'system/bubblewrap/README')
-rw-r--r-- system/bubblewrap/README 8
1 files changed, 8 insertions, 0 deletions
diff --git a/system/bubblewrap/README b/system/bubblewrap/README
new file mode 100644
index 000000000000..279bc9034d17
--- /dev/null
+++ b/system/bubblewrap/README
@@ -0,0 +1,8 @@
+Bubblewrap
+
+Many container runtime tools like systemd-nspawn, docker, etc. focus on
+providing infrastructure for system administrators and orchestration tools
+(e.g. Kubernetes) to run containers.
+
+These tools are not suitable to give to unprivileged users, because it is
+trivial to turn such access into to a fully privileged root shell on the host.
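Review bot: The README stops after the second paragraph without ever saying what Bubblewrap itself is or does; both paragraphs describe only other container tools (systemd-nspawn, docker) and why they should not be handed to unprivileged users. Add a closing paragraph that states what this package provides and how it differs from those tools, so the description is useful to someone deciding whether to install it. The last added line also has a doubled word: "into to a fully privileged root shell" should read "into a fully privileged root shell".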