Tag
cgroups
Safeguard articles tagged "cgroups" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Container Security
Container isolation mechanisms explained: namespaces, cgroups, seccomp, and gVisor
Docker's default seccomp profile blocks roughly 44 of the 300-plus Linux syscalls, yet a 2019 runc escape bypassed every default namespace boundary anyway.
Jul 13, 20267 min read
Container Security
Container isolation with namespaces, cgroups, and seccomp
Namespaces, cgroups, and seccomp each isolate a different layer of a container — and a single misconfigured one, like CVE-2024-21626 showed, breaks all three.
Jun 27, 20266 min read
Vulnerability Analysis
Linux cgroups release_agent container escape (CVE-2022-0492)
CVE-2022-0492 lets containers with CAP_SYS_ADMIN escape via cgroup v1's release_agent. Impact, timeline, and concrete remediation steps inside.
Jan 9, 20267 min read