Wanted to start a discussion about this - in particular I’m wondering what the specific implications are for kubespawner/binderhub
1 Like
It sounds like it requires permission to run docker
commands, in particular docker cp
, and therefore shouldn’t be exploitable by a process such as Jupyter running inside the container.