undefined | Better HN

0 pointsj16sdiz1mo ago0 comments

according to this reddit post https://www.reddit.com/r/kubernetes/comments/1szn6p1/comment...?

> the primary mitigation is still patching the node kernel; user namespaces are blast-radius reduction, not a complete mitigation for this path

0 comments

1 comments · 1 top-level

parliament321mo ago

allowPrivilegeEscalation is unrelated to user namespaces. Many vendors do not yet have kernel patches available, but yes that'll eventually be the proper fix.

j / k navigate · click thread line to collapse