Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "OOMyPod: Nothin’ To CRI-O-bout" --> "... Three issues in CRI-O (the default Kubernetes’ container engine for Red Hat’s OpenShift and openSUSE’s Kubic), combined with an overzealous out-of-memory (OOM) killer in recent Linux kernels, can enable a partial container escape for hosts running CRI-O and Kubernetes ... There’s no need to panic, though. It’s good to note that there isn’t a generic complete container escape or node takeover path using these bugs" --> Patch? "Yes, as of CRI-O version 1.16.1" VG Bernd [0] https://capsule8.com/blog/oomypod-nothin-to-cri-o-bout/ -- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler@itc.rwth-aachen.de https://www.itc.rwth-aachen.de