If you believe you have found a security vulnerability in rsrun, please report it privately rather than opening a public GitHub issue.
Send a description including:
- The affected version / commit hash
- A minimal reproducer (config.json, command, kernel version)
- The impact you've observed or believe is possible
We'll acknowledge receipt and work with you on a coordinated disclosure timeline.
In scope:
- Container escapes, host privilege escalation
- Information leaks across the runtime / container boundary
- Denial-of-service against the host from a container launched by the runtime
For the current threat model and what rsrun actively defends against, see docs/security.md.