Help understanding the security implications of adding the SYS_PTRACE capability

Hello,

I run an online labs environment where users can run code inside a Docker container. I would like to provide a Swift REPL to my users, but that requires that I add the SYS_PTRACE capability to their containers. The users are not root within their container. There isn't sensitive information inside the container. I'm not running on an old kernel that has the classic ptrace exploit. How significant of a security risk is adding the SYS_PTRACE capability?

Thank you,
James

I don't have first-hand experience here, but I think the Docker community is likely a better spot for this since it's more about the environment.
