Wanted to start a discussion about this - in particular I’m wondering what the specific implications are for kubespawner/binderhub
1 Like
It sounds like it requires permission to run dockercommands, in particular docker cp, and therefore shouldn’t be exploitable by a process such as Jupyter running inside the container.