by native_samples
1674 days ago
Containers were never actually designed to be sandboxes, and inside you have access to many system calls and a comparatively huge surface area inside the kernel and userland, all written in C, with a long history of local root exploits due to C-based bugs.