That's a really good point .. but, I think 99% of docker users believe it is a sandbox and treat it as such.
Not 99%. Many people run a hypervisor and then a VM just for Docker.
Attacker now needs a Docker exploit and then a VM exploit before getting to the hypervisor (and, no, pwning the VM ain't the same as pwning the hypervisor).
It is a sandbox against unintentional attacks and mistakes (sudo rm -rf /), but will not stop serious malware.
And not without cause. We've been pitching docker as a security improvement for well over a decade now. And it is a security improvement, just not as much as many evangelists implied.