|
2 | 2 |
|
3 | 3 | ***
|
4 | 4 |
|
5 |
| -**Security Note (01/21/22)**: |
| 5 | +**Docker advances container isolation and workloads with acquisition of Nestybox**: |
6 | 6 |
|
7 |
| -A vulnerability ([CVE 2022-0185](https://ubuntu.com/security/CVE-2022-0185)) was |
8 |
| -recently found in the Linux kernel, permitting a "User Namespace" escape (i.e., |
9 |
| -an unprivileged user inside a user-namespace may gain root access to the |
10 |
| -host). This vulnerability affects containers deployed with Sysbox as they always |
11 |
| -use the Linux user-namespace for extra isolation. To mitigate it, check if your |
12 |
| -kernel distro carries the fix. For Ubuntu, the fix has been released and requires |
13 |
| -a [kernel update](https://ubuntu.com/security/notices/USN-5240-1). Reach out to the |
14 |
| -[Sysbox Slack channel][slack] for further questions. |
| 7 | +Hi everyone, this is Cesar & Rodny, co-founders of [Nestybox](https://www.nestybox.com). |
15 | 8 |
|
| 9 | +We are humbled and excited to announce that Nestybox is now officially part of |
| 10 | +Docker, Inc! Docker is an excellent home for Sysbox, and this will accelerate |
| 11 | +innovation of Sysbox to advance container isolation and workloads. |
| 12 | + |
| 13 | +Please see this [blog](https://www.docker.com/blog/docker-acquires-nestybox-advancing-container-isolation-workloads/) and |
| 14 | +this [Q&A](https://www.nestybox.com/docker-nestybox-qa) for more info. Thanks! |
16 | 15 | ***
|
17 | 16 |
|
18 | 17 | ## Contents
|
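Review bot: Removing the 01/21/22 security note at the top of the README (old lines 5-14) drops the only explicit mention of CVE 2022-0185 and the Ubuntu kernel update link, even though the removed text says the issue affects containers deployed with Sysbox because they always use the Linux user-namespace. The replacement (new lines 5-14) is an acquisition announcement with no security content. Suggest keeping a one-line pointer under the announcement to the Security section, so that readers on unpatched kernels still see the warning first. As a style point, the bold line ending in a colon followed by "Hi everyone" reads like a heading; a real heading or a plain opening sentence would be cleaner.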
@@ -183,6 +182,18 @@ users filing issues that help us improve Sysbox-EE.
|
183 | 182 | To file issues with Sysbox-EE (e.g., bugs, feature requests, documentation changes, etc.),
|
184 | 183 | please refer to the [issue guidelines](docs/issue-guidelines.md) document.
|
185 | 184 |
|
| 185 | +## Security |
| 186 | +
|
| 187 | +If you find bugs or issues that may expose a Sysbox-EE vulnerability, please report |
| 188 | +these by sending an email to security@nestybox.com. Please do not open security |
| 189 | +issues in this repo. Thanks! |
| 190 | +
|
| 191 | +In addition, a few vulnerabilities have recently been found in the Linux kernel |
| 192 | +that in some cases reduce or negate the enhanced isolation provided by Sysbox |
| 193 | +containers. Fortunately they are all fixed in recent Linux kernels. See the |
| 194 | +Sysbox User Guide's [Vulnerabilities & CVEs chapter](https://github.com/nestybox/sysbox/tree/master/docs/user-guide/security-cve.md) |
| 195 | +for more info, and reach out on the [Sysbox Slack channel][slack] for further questions. |
| 196 | +
|
186 | 197 | ## Support
|
187 | 198 |
|
188 | 199 | Reach us at our [slack channel][slack] or at `contact@nestybox.com` for any questions.
|
|
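Review bot: The second paragraph of the new Security section (new lines 191-195) says "a few vulnerabilities" are "fixed in recent Linux kernels" without naming any CVE or a minimum kernel version, so a reader cannot tell from the README whether their host is affected. Suggest naming at least CVE 2022-0185, which the removed top-of-file note covered, or stating which kernel updates carry the fixes, and keeping the link for the details. The link targets `tree/master/...` for a single file, where `blob/master/...` is the canonical form for files. For consistency with the Support section, which writes `contact@nestybox.com` in backticks, format security@nestybox.com the same way.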