Docker-1.11 will add support for setting prctl(NO_NEW_PRIVS) via the docker command line

https://github.com/docker/docker/pull/20727

docker run -it --rm --security-opt=no-new-privileges fedora bash

Basically, if you run this command on a non-privileged user account, it will disable any use
of setuid applications.  No process can gain privileges with this flag set.

For PAAS servers like OpenShift this is a big step forward in security.
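
The kernel flag behind this option can be checked directly. The following C program is an added example, not part of the original message or of Docker's code: it sets PR_SET_NO_NEW_PRIVS in a forked child and confirms that a descendant process sees the flag and that the kernel refuses to clear it. The helper names (run_in_child, flag_is_inherited, flag_is_one_way) are made up for this illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if no_new_privs is set for the caller, 0 if not, -1 on error. */
int get_no_new_privs(void) {
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Run fn in a forked child and return its exit status, or -1 on failure.
 * Forking keeps the flag out of the calling process itself. */
static int run_in_child(int (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn() & 0xff);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

static int read_flag(void) { return get_no_new_privs() == 1 ? 1 : 0; }

/* Set the flag, then report what a descendant process sees (1 = set). */
static int set_then_check_descendant(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 2;
    return run_in_child(read_flag);
}

/* Set the flag, then try to clear it; returns 1 if the kernel refuses. */
static int set_then_try_clear(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 2;
    int rc = prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0); /* only 1 is accepted */
    return (rc == -1 && errno == EINVAL && get_no_new_privs() == 1) ? 1 : 0;
}

int flag_is_inherited(void) { return run_in_child(set_then_check_descendant); }
int flag_is_one_way(void)   { return run_in_child(set_then_try_clear); }

int main(void) {
    printf("no_new_privs in this process: %d\n", get_no_new_privs());
    printf("inherited by descendants:     %d\n", flag_is_inherited());
    printf("cannot be cleared once set:   %d\n", flag_is_one_way());
    return 0;
}
```

Run inside a container started with --security-opt=no-new-privileges, the first line should report 1 before the program sets anything itself.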