- lec1 Slide 5: '-.-->' is not valid mermaid (use '-.->'), quote emoji labels
- all submission templates with nested code blocks now use 4-backtick outer
fences so GitHub stops closing them at the first inner fence
- lab1 template + acceptance criteria still referenced /rest/products,
which 404s in Juice Shop v20.0.0 (moved to /api/Products)
Signed-off-by: Dmitrii Creed <creeed22@gmail.com>
What does the kernel difference imply for that attack class? (2-3 sentences.)
140
-
```
140
+
````
141
141
142
142
---
143
143
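Review bot: the closing fence at line 140 is raised to four backticks, but its opening fence lies outside this hunk, so the pairing cannot be checked from here. Please confirm the opener above it was raised to four backticks as well; a three-backtick opener is still terminated by the first inner three-backtick closing fence, whatever the length of the final closer.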
@@ -193,7 +193,7 @@ done | tee labs/lab12/results/io-bench.txt
193
193
194
194
### 12.6: Document in `submissions/lab12.md`
195
195
196
-
```markdown
196
+
````markdown
197
197
## Task 2: Isolation + Performance
198
198
199
199
### Isolation: /dev diff
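Review bot: nothing between the 12.6 heading at line 194 and the new four-backtick opener at line 196 tells students whether the outer fence itself belongs in `submissions/lab12.md`. A one-line instruction above the fence (copy the contents, not the wrapper) would keep submissions from arriving as a single literal code block, which is more likely now that the wrapper no longer looks like an ordinary fence.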
@@ -229,7 +229,7 @@ kata:
229
229
When is the security gain (separate kernel, runc-CVE class blocked) worth the cost?
230
230
When isn't it? Give one example each (e.g., "multi-tenant SaaS workloads = yes;
231
231
single-tenant batch jobs = no").
232
-
```
232
+
````
233
233
234
234
---
235
235
@@ -286,7 +286,7 @@ sudo cat /tmp/lab12-target
286
286
287
287
### B.4: Document in `submissions/lab12.md`
288
288
289
-
```markdown
289
+
````markdown
290
290
## Bonus: Container-Escape PoC
291
291
292
292
### Vector chosen
@@ -329,7 +329,7 @@ Host verification:
329
329
- Why does Kata block what runc allows? (Reference: Kata's micro-VM filesystem IS NOT the host filesystem — bind mounts are virtualized via virtio-fs/9p inside the VM.)
330
330
- What real-world threat does this map to? (Multi-tenant CI runners running `--privileged` containers; misconfigured Kubernetes pods.)
331
331
- What does this NOT block? (Pure side-channel attacks on the kernel itself, cross-tenant timing attacks. Reading 12's "Confidential Containers" section is where THOSE get defenses.)
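Review bot: only context lines 329-331 of this hunk are visible, so the closing fence for the block opened with four backticks at line 289 cannot be checked here. Please confirm the closer that follows line 331 is also four backticks; if it is still three, the Bonus template stays open past its intended end and swallows whatever follows it.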