Kevin Nisbet

Thanks, this is an item I want to revisit, as I was trying to get the PoC working quickly for default configurations. I wasn't able to figure out the client-go...

That's correct, the proof of concept implements it's own client to exploit the bug, and I've only written in support for using client TLS certs to authenticate and test the...

I suspect it's not all that complicated, just a matter of looking at how client-go handles this, and mapping this to the raw HTTP requests that are made. However, I...

What version of go do you have on you're system? I'm not sure about the first issue, but strings.Builder should be part of go's stdlib, which if it can't be...

Based on the info you have provided, I'm not sure I understand what the issue would be. This particular failure, is largely within the client-go code, which loads the kubeconfig,...

I believe runsc blocks unix domain sockets by default. So you need to pass the `--fsgofer-host-uds=true` flag to runsc if memory serves. Also, by passing a docker socket, it looks...

> but is it possible to only pass a flag when starting a specific container? I think you'd need to setup a second runtime in the docker daemon.json, and then...

I can't speak for the authors at all, but I'm sure they've got alot to consider when it comes to looking at additional ways to intercept syscalls. That man page...

@jeyaprabhuj-tts you should be able to create the firewall rules on the bridge interface, that use a source or destination of the container IP as part of the rule. I...

Some of this is addressed in PR https://github.com/gravitational/gravity/pull/803