Y
Hacker News
new
|
ask
|
show
|
jobs
by
wmf
95 days ago
It's pretty common to run VMs within containers so an attacker has to escape twice. You can probably disable 99% of system calls.