Re: [Nix-dev] NixOS Security Advisory: Docker Local Privilege Escalation

2017-04-05 Thread Vladimír Čunát
On 04/05/2017 08:25 PM, ben...@gmail.com wrote:
> I really don't know - I just observed that behaviour when I went to
> deploy the fix to my own systems. It does seem like a bug, but I'm not
> familiar enough with nixos's systemd integration to explain it.

I suspect this line: https://github.com/

Re: [Nix-dev] NixOS Security Advisory: Docker Local Privilege Escalation

2017-04-05 Thread ben...@gmail.com
I really don't know - I just observed that behaviour when I went to deploy the fix to my own systems. It does seem like a bug, but I'm not familiar enough with nixos's systemd integration to explain it.

On Wed, Apr 5, 2017 at 1:27 PM, Daniel Peebles wrote:
> Benley: any idea why that is? It see

Re: [Nix-dev] NixOS Security Advisory: Docker Local Privilege Escalation

2017-04-05 Thread Daniel Peebles
Benley: any idea why that is? It seems kind of unusual for nixos-rebuild switch to not change things like that...

On Tue, Apr 4, 2017 at 6:28 PM, ben...@gmail.com wrote:
> Worth noting: Running `nixos-rebuild switch` is insufficient to make
> this fix take effect. You may need to run `systemct

Re: [Nix-dev] NixOS Security Advisory: Docker Local Privilege Escalation

2017-04-04 Thread ben...@gmail.com
Worth noting: Running `nixos-rebuild switch` is insufficient to make this fix take effect. You may need to run `systemctl restart docker.socket` or reboot before the permissions on /run/docker.sock will be corrected.

On Mon, Apr 3, 2017 at 8:19 PM, Graham Christensen wrote:
> -BEGIN PGP SIG

[Nix-dev] NixOS Security Advisory: Docker Local Privilege Escalation

2017-04-03 Thread Graham Christensen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Date: 2017-04-03
CVE-ID: CVE-2017-7412
Service: docker
Type: local privilege escalation

Summary
===
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker comman