Slacker News Slacker News logo featuring a lazy sloth with a folded newspaper hat
  • top
  • new
  • show
  • ask
  • jobs
Library
← Back to context

Comment by roboben

5 hours ago

docker is not a security boundary but a resource boundary.

2 comments

roboben

Reply
cute_boi  5 hours ago

It is security boundary but a weak one. Escaping from docker is very hard.

  • rvz  1 hour ago

    > Escaping from docker is very hard.

    You mean a microVM.

    A docker LPE (local privilege escalation) requires a kernel exploit such as Copyfail would work under docker but not in a microVM.

Slacker News

Product

  • API Reference
  • Hacker News RSS
  • Source on GitHub

Community

  • Support Ukraine
  • Equal Justice Initiative
  • GiveWell Charities