by viraptor 2504 days ago
You've got two cases here: breaking out of default Docker config, or breaking out of kernel namespaces. The first one is very common now and really well tested. The second one is definitely security sandbox worthy. Docker also integrates with SELinux and seccomp.

Basically what I'm saying is, it's very much a security boundary. It's far from a decorative fence.