by roboben 1 day ago
docker is not a security boundary but a resource boundary.

It is a security boundary, but a weak one. Escaping from docker is very hard.
> Escaping from docker is very hard.

You mean a microVM.

A docker LPE (local privilege escalation) requires a kernel exploit; one such as Copyfail would work under docker but not in a microVM.