mirror of
https://github.com/docker/cli.git
synced 2026-01-15 07:40:57 +03:00
mqueue cannot be mounted on the host OS and then shared into the container.

There is only one mqueue per mount namespace, so current code ends up leaking the /dev/mqueue from the host into ALL containers. Since SELinux changes the label of the mqueue, only the last container is able to use the mqueue; all other containers will get a permission denied. If you don't have SELinux protections, sharing of the /dev/mqueue allows one container to interact in potentially hostile ways with other containers.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Upstream-commit: ba38d58659cc155aebf89a2ea4cfc3cd7ba04a64
Component: engine
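
An audit check for the leak described in the commit message above, added here as an example; it is not part of the commit or of Docker's code. It assumes that each mqueue filesystem instance shows its own major:minor device number in /proc/<pid>/mountinfo, so two processes listing the same number share one queue namespace. The sample lines, the names `host` and `container_a` to `container_c`, and the device numbers are constructed.

```python
from collections import defaultdict

# Constructed /proc/<pid>/mountinfo excerpts (names and device numbers are made up).
SAMPLE = {
    "host": (
        "24 1 0:5 / /proc rw,nosuid,nodev,noexec - proc proc rw\n"
        "25 1 0:18 / /dev/mqueue rw,nosuid,nodev,noexec shared:12 - mqueue mqueue rw,seclabel\n"
    ),
    "container_a": "310 295 0:18 / /dev/mqueue rw,nosuid,nodev,noexec - mqueue mqueue rw,seclabel\n",
    "container_b": "352 340 0:18 / /dev/mqueue rw,nosuid,nodev,noexec - mqueue mqueue rw,seclabel\n",
    "container_c": "402 390 0:61 / /dev/mqueue rw,nosuid,nodev,noexec - mqueue mqueue rw,seclabel\n",
}


def mqueue_devices(mountinfo_text):
    """Return {mount_point: 'major:minor'} for every mqueue mount in mountinfo text."""
    found = {}
    for line in mountinfo_text.splitlines():
        # Fields before " - " are fixed plus optional tags; after it: fstype, source, options.
        left, sep, right = line.partition(" - ")
        if not sep:
            continue  # blank or malformed line
        pre, post = left.split(), right.split()
        if len(pre) >= 5 and post and post[0] == "mqueue":
            found[pre[4]] = pre[2]  # mount point -> device number
    return found


def shared_mqueues(mountinfo_by_name):
    """Return {device: [names]} for mqueue instances visible to more than one entry."""
    users = defaultdict(set)
    for name, text in mountinfo_by_name.items():
        for dev in mqueue_devices(text).values():
            users[dev].add(name)
    return {dev: sorted(names) for dev, names in users.items() if len(names) > 1}


def read_mountinfo(pid):
    """Read a live process's mount table, e.g. PID 1 and each container's init PID."""
    with open(f"/proc/{pid}/mountinfo") as fh:
        return fh.read()


if __name__ == "__main__":
    for dev, names in shared_mqueues(SAMPLE).items():
        print(f"mqueue {dev} is shared by: {', '.join(names)}")
```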