We must run the container with sudo because it must be privileged and have access to our images directory in /var/lib/containers/storage.
Container egress filtering uses nftables rules inside the container. A root process with cap_net_admin could bypass these rules. The pixel user has restricted sudo that only permits safe-apt, dpkg-query, systemctl, journalctl, and nft list.