[michalhosna]

It is a feature with warning everywhere. You'll need physical access to the device to enable docker.

I think is still a very nice feature to release even if it's no complete and fully secure yet.

> your router is as secure as anything you run in container; > if you run container, there is no security guarantee of any kind; > running a 3rd party container image on your router could open a security hole/attack vector/attack surface;

https://help.mikrotik.com/docs/display/ROS/Container#Contain...

[xx_ns]

I think the key difference here is that it enabled root access to the host RouterOS, which is generally not something that RouterOS permits, enables, or allows. It's why the word "jailbreaking" can even be used in a RouterOS context - it's similar to jailbreaking iOS or rooting an Android phone, where the end-user is NOT meant to have root access to the device.