by oblio 3095 days ago
Yeah, but is it limited to Docker containers? Can other container types be attacked in the same way?
2 comments

It is a reasonable _assumption_ that other container runtimes on Linux might be affected by the same kernel bug. The article does not explore that, and the author has no duty to do so just to avoid using a branded technology name.

How would you reasonably talk about "Linux containers" without having a very exhaustive list of all existing implementations and testing all of them? If one of them is not affected you are now factually wrong.

The exploit overwrites kernel memory credentials of a task structure. That structure is the lynchpin of kernel security, including SELinux.
Sure, you can write an article demonstrating exploitation of Ubuntu containers and call it "Escaping Ubuntu containers".
The former part was exactly what was done.