CVE-2026-31431: Copy Fail vs. rootless containers

📰 Updated 2026-05-05 12:30

🔗 CVE-2026-31431: Copy Fail vs. rootless containers
🔥 18 points

Original:
Introduction

In the previous post about SELinux MCS and GitLab runners, I briefly mentioned CVE-2026-31431 (“Copy Fail”) as a motivating example for per-job VM isolation. After that post went out I spent the weekend setting up a lab to actually run the exploit, trace it at the syscall level, and verify that the rootless Podman architecture we deploy on GNOME’s runners would contain it. This post documents the entire process: from disassembling the shellcode to watching the ker…

