Y
Hacker News
new
|
ask
|
show
|
jobs
by
chowyuncat
1999 days ago
It’s an information leak. Who knows what attackers can learn about the host via this channel. Why leak it unless you have to?
1 comments
jeffbee
1999 days ago
OK, that's not a complexity trade I'd be willing to make, but I can see it. However, that's unrelated to the nonsensical reason given by the article.
link
cats4256
1999 days ago
In traditional Docker installs, you (can) run as real UID 0 (and many containers do) with CAP_KILL [
https://docs.docker.com/engine/reference/run/
].
link