by udev4096
341 days ago
Docker gives me at least some form of isolation. Yes, I know container escapes are possible, but I run gVisor on top of it, which is a strong sandbox. If I was just running as a systemd service as a user, all the attacker needs is a Linux LPE, which is in abundance.