by anonacct37
3250 days ago
I don't want to spread FUD, but my understanding is that the container security model is not 100% and that's why people like AWS force your containers to run on EC2 instances. The container security model will almost certainly improve in the future, but for now I'm only OK with other people in my same company sharing the kernel, not incentivised attackers. [edit] I'm going to unfud my comment. Some further reading makes me think maybe they spin up something like KVM containers and use a minimal distribution such that they can get to "seconds". If it were me, I'd have pre-running instances of the base image that were ready for a customer to attach and own.

Each container has hypervisor-level isolation. We are not relying on kernel-level isolation for security isolation between different users' containers.