[mmagin]

I don't know if it was true when the article was written, but at least today some of what the author writes in http://catern.com/posts/docker.html#sec-4 is untrue.

https://docs.docker.com/engine/security/security/#linux-kern...

[catern]

From your link:

>One primary risk with running Docker containers is that the default set of capabilities and mounts given to a container may provide incomplete isolation, either independently, or when used in combination with kernel vulnerabilities.