A flaw was found where rkt does not isolate processes in containers that are run with `rkt enter`. Processes run with `rkt enter` are not limited by cgroups during stage 2 (the actual environment in which the applications run). Compromised containers could exploit this flaw to access host resources.
Processes spawned by the `rkt enter` command are not limited by cgroups during stage 2 (the actual environment in which the applications run). Such processes could consume host resources to cause a denial of service.
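One way a defender can verify the described confinement gap on a host is to compare the cgroup membership of a process spawned by `rkt enter` with that of the pod's app process. The following is an added example (not rkt code, not from the bug report) that parses cgroup v1 `/proc/<pid>/cgroup` lines; the pod scope, unit names and pid layout in the sample data are constructed placeholders.

```python
"""Audit whether a process is confined by the same cgroups as a pod's app.

Reads the `hierarchy-id:controllers:path` lines of /proc/<pid>/cgroup
(cgroup v1 layout) for two processes: a reference app process inside the
pod and a process to audit (e.g. one spawned by `rkt enter`). For each
resource controller of interest, the audited process counts as confined
only if its cgroup path is the app's path or a descendant of it.
"""
from pathlib import PurePosixPath

# Controllers whose limits are meant to bound a container's resource use.
CONTROLLERS = ("memory", "cpu", "pids")

def parse_cgroup(text):
    """Map each controller name to its cgroup path from /proc/<pid>/cgroup."""
    paths = {}
    for line in text.strip().splitlines():
        _, controllers, path = line.split(":", 2)
        for ctrl in controllers.split(","):
            if ctrl:  # skip named hierarchies with an empty controller list
                paths[ctrl] = path
    return paths

def is_within(child, parent):
    """True if `child` equals `parent` or is a sub-cgroup of it."""
    c, p = PurePosixPath(child), PurePosixPath(parent)
    return c == p or p in c.parents

def audit_confinement(app_cgroup_text, proc_cgroup_text, controllers=CONTROLLERS):
    """Return {controller: bool}: is the audited process bounded by the app's cgroup?"""
    app, proc = parse_cgroup(app_cgroup_text), parse_cgroup(proc_cgroup_text)
    return {c: c in proc and c in app and is_within(proc[c], app[c]) for c in controllers}

def read_proc_cgroup(pid):
    """Read /proc/<pid>/cgroup on a live host (not used by the constructed sample)."""
    with open(f"/proc/{pid}/cgroup") as f:
        return f.read()

# Constructed sample data; POD_UUID and the unit names are placeholders.
APP = """\
10:memory:/machine.slice/machine-rkt-POD_UUID.scope/system.slice/app.service
5:cpu,cpuacct:/machine.slice/machine-rkt-POD_UUID.scope/system.slice/app.service
3:pids:/machine.slice/machine-rkt-POD_UUID.scope/system.slice/app.service
"""
ENTERED = """\
10:memory:/user.slice/user-1000.slice/session-2.scope
5:cpu,cpuacct:/user.slice/user-1000.slice/session-2.scope
3:pids:/machine.slice/machine-rkt-POD_UUID.scope/system.slice/app.service
"""

if __name__ == "__main__":
    for ctrl, ok in audit_confinement(APP, ENTERED).items():
        print(f"{ctrl:7s} {'confined' if ok else 'NOT confined by pod cgroup'}")
```

On a real host, replace the sample strings with `read_proc_cgroup(<app pid>)` and `read_proc_cgroup(<entered pid>)`; any controller reported as not confined means that resource is unbounded for the entered process.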
Name: Yuval Avrahami (Twistlock)
Created rkt tracking bugs for this issue:
Affects: fedora-all [bug 1715685]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.