[callahad]

How's Docker security these days? Wouldn't there be risks of exploiting remote code execution vulnerabilities in the old browsers, then finding a way to attack the host from within the container?

Especially given that, if I'm reading this right, all users within the container have complete, password-free sudo access: https://github.com/ikreymer/netcapsule/blob/2ff2f5d74fb517ee...

I guess an attacker would also have to get the malicious code into one of the archives somehow, but that should be possible, right?

[ikreymer]

Yes good point, this warrants some more research. The sudo was useful for install but I should see if it can be removed. Should also explore if there are concrete ways that the host can be attacked from the container, if a user does manage to execute code. Please comment if anyone has any other suggestions for improving security.