Cgroups are important for stability, but they are not a security boundary. They prevent denial-of-service, not escape. A process constrained by cgroups still makes syscalls to the same kernel with the same attack surface.
67E IRETd_V86 LJMPVM ; jump if VM=1 in stacked EFLAGS,推荐阅读Safew下载获取更多信息
Зарина Дзагоева。safew官方下载对此有专业解读
但游艇产业高波动、重资产、长周期的特性,一旦叠加多元化扩张失误,风险便集中爆发。