In fact, the authors specifically say on the very first line of their website that the copy/fail primitive can be used as a container escape. The entire premise of this article is flawed and irresponsible.

AIUI they haven't shown a container escape and are just claiming it so far. Or did I miss something?

Having write access on anything you can read should be enough if libraries or binaries are shared (read-only) between the host and container.
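A quick way to see whether that condition holds for a given container is to list which of its mounts are backed by a real (host) filesystem and sit where binaries and libraries live, and whether they are mounted read-only. The following is an added example, not code from the original thread or from the authors being discussed; it parses the `/proc/self/mountinfo` format described in proc(5), and the `SAMPLE_MOUNTINFO` lines are constructed for the demonstration. The `PSEUDO_FS` and `CODE_PREFIXES` lists are assumptions about what counts as "not host-backed" and "where code lives", not anything the page states.

```python
"""Flag host filesystem paths bind-mounted (read-only or not) into a container
at locations where executables or shared libraries are normally found.

Added example. Parses the /proc/self/mountinfo format from proc(5). The
sample text below is constructed; against a live container, call
find_shared_code_mounts(open("/proc/self/mountinfo").read()).
"""
import re
from dataclasses import dataclass

# Assumption: these filesystem types are virtual or container-local, not a
# view into host-owned files on disk.
PSEUDO_FS = {"proc", "sysfs", "tmpfs", "overlay", "cgroup", "cgroup2",
             "devpts", "mqueue", "devtmpfs", "nsfs", "securityfs"}

# Assumption: typical locations of binaries and libraries in an image or host.
CODE_PREFIXES = ("/bin", "/sbin", "/lib", "/lib64", "/usr/bin", "/usr/sbin",
                 "/usr/lib", "/usr/lib64", "/usr/local", "/opt")


@dataclass
class Mount:
    mount_point: str
    host_root: str   # path inside the source fs; a bind mount shows the subtree
    fstype: str
    source: str
    readonly: bool


def _unescape(field):
    # mountinfo octal-escapes space, tab, newline and backslash (e.g. "\040").
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Parse mountinfo lines into Mount records; malformed lines are skipped."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Fields before " - ": id, parent, major:minor, root, mount point,
        # per-mount options, optional tags. After it: fstype, source, sb options.
        pre, _, post = line.partition(" - ")
        pre_fields = pre.split()
        post_fields = post.split()
        if len(pre_fields) < 6 or len(post_fields) < 2:
            continue
        opts = pre_fields[5].split(",")
        mounts.append(Mount(
            mount_point=_unescape(pre_fields[4]),
            host_root=_unescape(pre_fields[3]),
            fstype=post_fields[0],
            source=_unescape(post_fields[1]),
            readonly="ro" in opts,
        ))
    return mounts


def _is_code_path(path):
    return any(path == p or path.startswith(p + "/") for p in CODE_PREFIXES)


def find_shared_code_mounts(text):
    """Mounts backed by a real filesystem whose container-side or host-side
    path looks like a binary/library location. The read-only ones are the
    case the comment above describes: 'ro' only stops ordinary writes."""
    return [m for m in parse_mountinfo(text)
            if m.fstype not in PSEUDO_FS
            and (_is_code_path(m.mount_point) or _is_code_path(m.host_root))]


# Constructed sample: an overlay root plus a few bind mounts from the host.
SAMPLE_MOUNTINFO = """\
621 598 0:63 / / rw,relatime - overlay overlay rw,lowerdir=/var/lib/docker/overlay2/l/a:/var/lib/docker/overlay2/l/b
622 621 0:64 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
623 621 8:1 /usr/lib/x86_64-linux-gnu /usr/lib/x86_64-linux-gnu ro,relatime - ext4 /dev/sda1 rw
624 621 8:1 /usr/bin/python3 /usr/local/bin/python3 ro,relatime - ext4 /dev/sda1 rw
625 621 0:65 / /dev/shm rw,nosuid,nodev,noexec,relatime - tmpfs shm rw,size=65536k
626 621 8:1 /home/user/data /data rw,relatime - ext4 /dev/sda1 rw
"""

if __name__ == "__main__":
    for m in find_shared_code_mounts(SAMPLE_MOUNTINFO):
        flag = "RO" if m.readonly else "rw"
        print(f"{flag} {m.mount_point} <- {m.source}:{m.host_root} ({m.fstype})")
```

On the sample this reports the `ro` bind mounts of `/usr/lib/x86_64-linux-gnu` and `/usr/local/bin/python3`, and ignores the overlay root, the pseudo filesystems and the `/data` volume. A listing like this shows which files are host-backed, not that the host itself executes them; to confirm a specific file is the same object on both sides, compare `st_dev` and `st_ino` from inside and outside the container (a bind mount shares inodes, a copy does not).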
