by mmh0000 482 days ago
I'll agree that "Docker" has a history of "interesting" security practices.

But the core technologies underlying containers (Namespaces, cgroups, POSIX Capabilities, and SELinux) "should" provide a level of isolation equivalent to a virtual machine[1].

If you're using a decent container platform like Podman, you should feel relatively good about the application's security and isolation.

[1] https://www.redhat.com/en/blog/how-selinux-separates-contain...