Singluarity ineffectively applies selinux / apparmor LSM process labels

Impact Native Mode default Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules LSMs, via the --security selinux: or --security apparmor: flags. LSM labels are written to process or thread attrs/exec...

CVE-2020-1690

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack RHOSP containers could send messages to the dbus. With access to the dbus, t...