The following flaw has been fixed in Docker 1.3.2:

"Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container’s processes, potentially facilitating a break-out. Docker 1.3.2 remedies this vulnerability. Security options applied to images are no longer consumed by the Docker engine and will be ignored. Users are advised to upgrade."

Acknowledgements: Red Hat would like to thank the Docker project for reporting this issue.

Reference: http://seclists.org/oss-sec/2014/q4/781
Created docker-io tracking bugs for this issue:
Affects: fedora-all [bug 1167507]
Affects: epel-6 [bug 1167508]
Statement: This issue did not affect the version of Docker as shipped with Red Hat Enterprise Linux 7. The next current release of Docker is < 1.30 and the next release will be based off of 1.3.2 or greater.
docker-io-1.3.2-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.