参考资料统一归档文档
https://docs.docker.com/engine/security/
https://docs.docker.com/engine/security/apparmor/
https://en.wikipedia.org/wiki/Seccomp
https://docs.docker.com/engine/security/seccomp/
https://jimmysong.io/blog/docker-source-code-analysis-code-structure/
docker 源码翻阅
http://cn-sec.com/archives/157104.html https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape
主要的参考文章, 我认为是写的最棒的一篇文章.
https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html
https://www.kernel.org/doc/html/latest/filesystems/tmpfs.html
https://www.kernel.org/doc/html/latest/filesystems/proc.html?highlight=proc
https://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-capabilities
https://book.hacktricks.xyz/network-services-pentesting/2375-pentesting-docker#docker-basics
https://man7.org/linux/man-pages/man7/capabilities.7.html
https://man7.org/linux/man-pages/man7/xattr.7.html
Video: https://www.youtube.com/watch?v=BQlqita2D2s
Demo PPT: https://i.blackhat.com/USA-19/Thursday/us-19-Edwards-Compendium-Of-Container-Escapes-up.pdf
http://119.23.219.145/posts/%E5%AE%B9%E5%99%A8-cgroup-%E6%95%B4%E4%BD%93%E4%BB%8B%E7%BB%8D/
https://arthurchiao.art/blog/cgroupv2-zh/
https://lwn.net/Articles/531114/
https://www.kernel.org/doc/Documentation/cgroup-v1/rdma.txt