USN-2451-1: cgmanager vulnerability
6 January 2015
cgmanager could be made to expose sensitive information or devices to containers running on the system.
- cgmanager - Central cgroup manager daemon
Serge Hallyn discovered that cgmanager did not consistently enforce
proper nesting when modifying cgroup properties. A local attacker in a
privileged container could use this to set cgroup values for all cgroups.