Hacker News
by vrn21 149 days ago
every syscall on containers runs on the kernel with full privileges, so if needed one can break out of the container and get access to the host
1 comment

> with full privs

No, that’s just a misconfigured container then.

Unless there is an exploit on an unpatched kernel bug, a properly configured container shouldn’t allow a breakout.
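An added example, not part of the thread: one way to check whether a container process really runs "with full privs" is to read the capability, seccomp and no_new_privs fields of its `/proc/<pid>/status`. The list of risky capabilities and the three checks are this example's assumption of what "misconfigured" means, and both status samples are constructed (the restricted one uses Docker's default capability mask).

```python
"""Audit /proc/<pid>/status fields that show how much privilege a container has."""
import sys

# Capabilities that give broad control over the kernel or host
# (bit numbers from linux/capability.h). The selection is this example's choice.
RISKY_CAPS = {
    2: "CAP_DAC_READ_SEARCH", 12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN",
    39: "CAP_BPF",
}

def parse_status(text):
    """Turn the 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(status_text):
    """Return a list of findings; an empty list means no red flags."""
    fields = parse_status(status_text)
    findings = []
    cap_eff = int(fields.get("CapEff", "0"), 16)  # effective capability bitmask
    held = [name for bit, name in sorted(RISKY_CAPS.items()) if (cap_eff >> bit) & 1]
    if held:
        findings.append("risky capabilities: " + ", ".join(held))
    # Seccomp: 0 = disabled, 1 = strict, 2 = filter. A missing field counts as 0.
    if int(fields.get("Seccomp", "0")) == 0:
        findings.append("seccomp disabled")
    if fields.get("NoNewPrivs", "0") != "1":
        findings.append("no_new_privs not set")
    return findings

# Constructed samples: a privileged container and a restricted one.
PRIVILEGED = "Name:\tsh\nCapEff:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"
RESTRICTED = "Name:\tsh\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t1\nSeccomp:\t2\n"

if __name__ == "__main__":
    # With a path argument, audit that file (e.g. /proc/self/status in a container).
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"privileged": PRIVILEGED, "restricted": RESTRICTED}
    for name, text in samples.items():
        print(name, "->", audit(text) or "no findings")
```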