The mission has already faced years of delays, and Nasa is under pressure to get the astronauts on their way as soon as possible. However, the US space agency said it would not compromise on safety.
Let’s now imagine that the station is depressurized and, for the first time in decades, empty, operated entirely via computers and remote control. First, NASA and its partners must accept the need to deorbit—there’s no going back to save the ISS. This could be complicated: 23 countries in the European Space Agency, as well as Japan and Canada, are involved in the ISS partnership. And then there’s Russia. The Russians have committed to supporting the ISS only until 2028. But they did agree to help NASA in a contingency deorbit situation.
If you enable --privileged just to get CAP_SYS_ADMIN for nested process isolation (say, a build job that has to create its own namespaces inside the container), you have added one layer (the nested namespace) while removing several others: --privileged grants every capability, drops the default seccomp profile and the AppArmor/SELinux confinement, and exposes all host devices, so seccomp, all capability restrictions and device isolation go at once. The net effect is weaker isolation than a standard unprivileged container, because a process that escapes the inner layer now holds the full capability set on the outer one. This trade-off shows up in production. The better options are to grant only the specific capability needed (drop all capabilities, add back SYS_ADMIN, and keep a seccomp profile that allows just the extra syscalls), with the caveat that CAP_SYS_ADMIN on its own is already close to root on the host, or to use an isolation approach that does not require host-level privileges at all, such as rootless or user-namespaced containers or a sandboxed runtime.
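One way to make the "one layer added, several removed" accounting concrete is to audit the HostConfig section of docker inspect output and list the isolation layers each container has turned off, then emit the narrower docker run flags for the grant-only-what-is-needed option. The script below is an added example, not code from the page or from Docker; the three inspect documents are constructed samples, nested-ns.json is a placeholder name for a custom seccomp profile that allows the namespace-creation syscalls Docker's default profile blocks, and the set of capabilities it treats as host-equivalent is the author's judgement, not a Docker list.

```python
"""Audit `docker inspect` HostConfig for the isolation layers it gives up.

Added example, not the page's or Docker's code. The inspect documents are
constructed samples; nested-ns.json is a placeholder for a custom seccomp
profile; HOST_EQUIVALENT_CAPS is a judgement call, not a Docker-defined set.
"""
import json

# Layers --privileged removes in one go (documented Docker behaviour: every
# capability granted, default seccomp profile and AppArmor/SELinux label
# dropped, every host device exposed, /proc and /sys masking lifted).
PRIVILEGED_LOSSES = [
    "all capability restrictions",
    "seccomp profile",
    "AppArmor/SELinux confinement",
    "device isolation",
    "/proc and /sys masking",
]

# Capabilities that, granted on their own, are close to root on the host.
# CAP_SYS_ADMIN is the headline case (mount, namespace operations, and more).
HOST_EQUIVALENT_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_RAWIO", "SYS_PTRACE", "DAC_READ_SEARCH"}

# Constructed sample: the "just use --privileged" container from the text.
PRIVILEGED_INSPECT = json.dumps([{
    "Name": "/nested-build",
    "HostConfig": {"Privileged": True, "CapAdd": None, "CapDrop": None,
                   "SecurityOpt": None, "Devices": []},
}])

# Constructed sample: the same job narrowed to one capability plus a custom
# seccomp profile (placeholder name) and no-new-privileges.
NARROWED_INSPECT = json.dumps([{
    "Name": "/nested-build",
    "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"], "CapDrop": ["ALL"],
                   "SecurityOpt": ["seccomp=nested-ns.json", "no-new-privileges"],
                   "Devices": []},
}])

# Constructed sample: --privileged left off, but seccomp and AppArmor disabled
# by hand and a host device mapped in, a common "it works now" compromise.
UNCONFINED_INSPECT = json.dumps([{
    "Name": "/ci-runner",
    "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN"], "CapDrop": None,
                   "SecurityOpt": ["seccomp=unconfined", "apparmor=unconfined"],
                   "Devices": [{"PathOnHost": "/dev/fuse", "PathInContainer": "/dev/fuse",
                                "CgroupPermissions": "rwm"}]},
}])


def lost_layers(host_config):
    """Return the isolation layers a HostConfig has turned off, worst first."""
    if host_config.get("Privileged"):
        return list(PRIVILEGED_LOSSES)
    lost = []
    caps = {c.upper().removeprefix("CAP_") for c in (host_config.get("CapAdd") or [])}
    if "ALL" in caps:
        lost.append("all capability restrictions")
    elif caps & HOST_EQUIVALENT_CAPS:
        lost.append("host-equivalent capability: " + ", ".join(sorted(caps & HOST_EQUIVALENT_CAPS)))
    opts = host_config.get("SecurityOpt") or []
    if "seccomp=unconfined" in opts:
        lost.append("seccomp profile")
    # SELinux is disabled with label=disable (older syntax label:disable).
    if "apparmor=unconfined" in opts or any(o.replace(":", "=") == "label=disable" for o in opts):
        lost.append("AppArmor/SELinux confinement")
    devices = host_config.get("Devices") or []
    if devices:
        lost.append("device isolation (%d host device(s) mapped)" % len(devices))
    return lost


def audit(inspect_json):
    """Map each container name in a `docker inspect` document to its lost layers."""
    return {c["Name"].lstrip("/"): lost_layers(c.get("HostConfig") or {})
            for c in json.loads(inspect_json)}


def narrowed_run_flags(needed_caps, seccomp_profile):
    """Flags for the grant-only-what-is-needed option: drop every capability, add
    back the named ones, keep a seccomp profile that allows only the extra
    syscalls, and stop setuid binaries from regaining what was dropped."""
    flags = ["--cap-drop=ALL"]
    flags += ["--cap-add=" + c for c in needed_caps]
    flags += ["--security-opt", "seccomp=" + seccomp_profile,
              "--security-opt", "no-new-privileges"]
    return flags


if __name__ == "__main__":
    for doc in (PRIVILEGED_INSPECT, NARROWED_INSPECT, UNCONFINED_INSPECT):
        for name, lost in audit(doc).items():
            print("%-12s loses %d layer(s): %s" % (name, len(lost), "; ".join(lost) or "none"))
    print("narrowed flags:", " ".join(narrowed_run_flags(["SYS_ADMIN"], "nested-ns.json")))
```

Against the first sample the audit reports all five layers lost; against the narrowed one it still flags SYS_ADMIN as host-equivalent, which is the caveat from the text: narrowing removes four of the five losses, and the remaining one is the reason to prefer an approach that needs no host-level capability at all.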