by l23k4 19 days ago
Using containers as a security boundary is inexcusable.
3 comments

That entirely depends on one's threat-model. Also, containerization is 100x better than rawdogging.
> That entirely depends on one's threat-model

I think not; virtualization has such low overhead now that there's just no excuse. It's generally trivial to switch from containers to VMs.

It is excusable if all you care about is blocking sudo access while letting the AI use a pseudo sudo.

Could you elaborate on this?

The cost-benefit ratio of using VMs over containers is very high. You trade negligible overhead for an actual security boundary.

Containers don't provide good isolation and tend to be trivial to break out of.
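Added example (not from the thread or any commenter): the comments above assert the boundary is weak without saying which settings make it weaker still. The script below audits one element of `docker inspect` output for the configurations that remove even the namespace and capability layer (privileged mode, host PID/network namespaces, added capabilities, disabled seccomp/AppArmor, bind-mounting the Docker socket or host pseudo-filesystems, running as uid 0). The `WEAK` and `HARDENED` documents are constructed for this example, not captured from a real host; the field names are the ones `docker inspect` actually emits. Passing the audit does not turn a container into a VM: the kernel is still shared, which is the point the last comment makes.

```python
"""Audit `docker inspect` output for settings that weaken the container boundary.

Added example for the discussion above; not code from the thread.
The sample documents at the bottom are constructed, not captured.
"""
import json

# Capabilities that hand a process effective control of the shared kernel/host.
DANGEROUS_CAPS = {
    "ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
    "NET_ADMIN", "DAC_READ_SEARCH", "BPF",
}
# Host paths whose bind mount exposes the host directly (docker.sock == root on host).
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/run/docker.sock", "/proc", "/sys", "/dev")


def _normalize_cap(cap):
    """Docker accepts both 'SYS_ADMIN' and 'CAP_SYS_ADMIN'; compare on one form."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def _sensitive_path(path):
    norm = "/" + path.strip("/")
    if norm == "/":  # whole host filesystem mounted in
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def _bind_sources(doc):
    """Collect host-side sources from both HostConfig.Binds and Mounts, deduplicated."""
    sources = []
    for bind in doc.get("HostConfig", {}).get("Binds") or []:
        sources.append(bind.split(":", 1)[0])  # "src:dst[:opts]"
    for mount in doc.get("Mounts") or []:
        if mount.get("Type") == "bind":
            sources.append(mount.get("Source", ""))
    return list(dict.fromkeys(sources))


def audit_container(doc):
    """Return a list of findings; an empty list means no boundary-weakening setting was found."""
    hc = doc.get("HostConfig", {})
    cfg = doc.get("Config", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities, no seccomp/AppArmor, raw device access")
    if hc.get("PidMode") == "host":
        findings.append("pid=host: host processes visible; ptrace-able with CAP_SYS_PTRACE")
    if hc.get("NetworkMode") == "host":
        findings.append("net=host: no network namespace; can bind host interfaces")
    caps = {_normalize_cap(c) for c in (hc.get("CapAdd") or [])}
    for cap in sorted(caps & DANGEROUS_CAPS):
        findings.append(f"cap_add {cap}: host-level privilege inside the shared kernel")
    for opt in hc.get("SecurityOpt") or []:
        if opt in ("seccomp=unconfined", "apparmor=unconfined"):
            findings.append(f"{opt}: syscall filter / MAC profile disabled")
    for src in _bind_sources(doc):
        if _sensitive_path(src):
            findings.append(f"bind mount {src}: host resource exposed inside the container")
    if (cfg.get("User") or "") in ("", "0", "root", "0:0"):
        findings.append("runs as uid 0: a kernel bug is host root unless user namespaces remap it")
    return findings


def audit_inspect_json(text):
    """Audit the JSON list that `docker inspect <id>` prints; returns {container_id: findings}."""
    return {doc.get("Id", "?"): audit_container(doc) for doc in json.loads(text)}


# Constructed sample documents (not captured from a real host).
WEAK = {
    "Id": "weak",
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": False, "PidMode": "host", "NetworkMode": "bridge",
        "CapAdd": ["SYS_ADMIN", "NET_BIND_SERVICE"], "SecurityOpt": ["seccomp=unconfined"],
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/srv/app:/app:ro"],
    },
    "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"},
               {"Type": "bind", "Source": "/srv/app", "Destination": "/app"}],
}
HARDENED = {
    "Id": "hardened",
    "Config": {"User": "10001:10001"},
    "HostConfig": {
        "Privileged": False, "PidMode": "", "NetworkMode": "bridge",
        "CapAdd": None, "CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges:true"],
        "Binds": ["/srv/app:/app:ro"],
    },
    "Mounts": [{"Type": "bind", "Source": "/srv/app", "Destination": "/app"}],
}

if __name__ == "__main__":
    for cid, found in audit_inspect_json(json.dumps([WEAK, HARDENED])).items():
        print(cid, "->", found or "no findings (kernel still shared)")
```

Run it against a live host with `docker inspect <container> | python3 audit.py` after swapping the constructed samples for `sys.stdin.read()`; the checks are deliberately conservative and will not flag ordinary read-only bind mounts such as `/srv/app`.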