by Saint_Genet 1835 days ago
Your first paragraph pretty much sums up what docker is: it’s a convenient way to design and build a system, but it is not a security mechanism.

If you’re building a system that’s handling classified information, there is probably not an accreditation authority in the world that would let you use containers or even hypervisors as a way to separate different information classes.


Docker _should_ be secure; any part that isn't secure is a bug which can be reported. That is disconnected from the reality of whether docker actually is secure, but in theory it is meant to be.

Other implementations like podman get even better security by not running as root.

The fundamental flaw of the Docker container security model is the shared kernel, which is a gigantic attack surface in which vulnerabilities are present, somewhat routinely, in functionality that can't be masked off with system call filters.

The win of virtualization is that the machinery required to hypervise a kernel is much, much smaller than the kernel itself; to use the 70s terminology, it's a minimized trusted computing base.
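The point above about system call filters can be made concrete by auditing what a filter actually leaves reachable. The script below is an added example, not code from this thread or from Docker: `SAMPLE_PROFILE` is a small constructed fragment in the JSON shape of Docker's seccomp profiles (a `defaultAction` plus per-syscall rules optionally gated on capabilities via `includes`/`excludes`), and first-match rule evaluation is an assumption made for the example.

```python
"""Audit a Docker-style seccomp profile: which syscalls still reach the kernel?

Added example, not the thread's or Docker's code. SAMPLE_PROFILE is a
constructed fragment in the shape of Docker's profile JSON, not the real
default profile; rule evaluation is simplified to first match (assumption).
"""
import json

# Constructed sample; a real profile lists several hundred syscalls.
SAMPLE_PROFILE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["read", "write", "openat", "close", "mmap", "ioctl"],
     "action": "SCMP_ACT_ALLOW"},
    {"names": ["keyctl", "add_key"], "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}},
    {"names": ["clone"], "action": "SCMP_ACT_ALLOW",
     "excludes": {"caps": ["CAP_SYS_ADMIN"]}},
    {"names": ["kexec_load", "init_module"], "action": "SCMP_ACT_ERRNO"}
  ]
}
""")


def rule_applies(rule, caps):
    """A rule is active only if its capability conditions match the container."""
    caps = set(caps)
    inc = set(rule.get("includes", {}).get("caps", []))
    exc = set(rule.get("excludes", {}).get("caps", []))
    if inc and not inc <= caps:   # rule needs every listed capability
        return False
    if exc and exc & caps:        # rule is switched off when any listed cap is held
        return False
    return True


def action_for(profile, syscall, caps=()):
    """Return the seccomp action the profile yields for one syscall (first match)."""
    for rule in profile["syscalls"]:
        if syscall in rule["names"] and rule_applies(rule, caps):
            return rule["action"]
    return profile["defaultAction"]


def reachable(profile, syscalls, caps=()):
    """Subset of syscalls the filter still lets through to the shared kernel."""
    return sorted(s for s in syscalls
                  if action_for(profile, s, caps) == "SCMP_ACT_ALLOW")
```

Everything `reachable` returns (`ioctl` and `mmap` in the sample, plus `keyctl` once `CAP_SYS_ADMIN` is granted) is kernel surface the filter cannot mask while the workload needs it, which is the shared-kernel problem the comment describes.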

Absolutely it should be as secure as possible, but the fundamental concept of what a container is means it cannot be used for some high security concepts. One of the cornerstones of classified information security is physical separation, and containers just can’t provide that.