Hacker News
by tyingq 3486 days ago
LXD supports using different id maps per container, which mitigates some of that.

I get that containers will always have a larger attack surface than Xen/KVM. Just thought it was worth mentioning that some container approaches are thinking about security more than others.

1 comments

Nope. If you get to the kernel it's game over.