Hacker News
by thinkmassive 2908 days ago
If the same compromised app is running natively then the entire system is now compromised. Capabilities and namespaces can be used with or without containers.
auslander 2908 days ago
1. You may have different apps, owned by different owners, running as containers on the same underlying host machine.
2. Not running Docker means you can lock your httpd by chroot, FreeBSD jail or OpenBSD pledge.