
mentalgear, today at 8:54 AM (8 replies)

> Docker Container Escape

> The payload checks for the Docker socket and, if present, attempts container escape through three sequential methods:

So even if you're running devcontainers / VMs, these worms are already trying to escape.

Make sure you're running a rootless VM engine (e.g. podman instead of docker)!


Replies

mapontosevenths, today at 12:00 PM

Despite what some people will tell you (including many in the security industry), Docker is not a strong security boundary, and it should not be treated as one. It shares a kernel with the running system.

It reminds me of the good old days when people would hand out low-privilege Linux accounts and rely on the kernel to prevent privilege escalation. Docker is literally the same thing, just with extra steps. Especially today with new kernel LPEs dropping every 5 minutes.

Yes, Podman is a bit better because you aren't handing the attacker root, but... why hand them an account at all? Just use a grown-up VM.

moebrowne, today at 9:05 AM

Or don't mount the Docker socket into containers
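
An added check for exactly this condition (example code, not from the thread or from any project it mentions): the quoted payload looks for the Docker socket before trying anything else, so the same lookup run from inside your own devcontainer tells you whether that first gate is open. It reads a mountinfo file (by default `/proc/self/mountinfo`, the mount table of the current mount namespace) and reports any mount point ending in `docker.sock`; the function names and the constructed mountinfo lines used for testing are assumptions, not part of the original post.

```sh
#!/bin/sh
# Added example, not from the thread: detect whether the Docker control socket
# is reachable from inside the current container/sandbox, the condition the
# quoted payload checks before attempting escape. Reads a mountinfo-format file
# so it can also be run against a saved or constructed table.

# Print every mount point that exposes a Docker socket.
# Exit status: 0 if at least one was found, 1 otherwise.
docker_socket_mounts() {
  mountinfo="${1:-/proc/self/mountinfo}"
  # Field 5 of /proc/<pid>/mountinfo is the mount point as seen from this
  # mount namespace, so a bind mount of the host socket shows up here as
  # e.g. /var/run/docker.sock or /run/docker.sock.
  awk '$5 ~ /docker\.sock$/ { print $5; found = 1 }
       END { exit (found ? 0 : 1) }' "$mountinfo"
}

# Yes/no wrapper: 0 when a docker.sock mount is present, 1 when it is not.
docker_socket_exposed() {
  docker_socket_mounts "$1" >/dev/null
}

# Usage from inside a container (the default argument inspects the live
# mount table):
#   docker_socket_mounts && echo "docker.sock is mounted: drop the -v /var/run/docker.sock bind mount"
```

If the function prints a path, the container has the same control over the daemon as root on the host, regardless of which user the process runs as; the fix is to remove the bind mount rather than to restrict the socket's permissions.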

evertheylen, today at 12:39 PM

I rely on podman for my "devcontainers": https://github.com/evertheylen/probox. If anyone can point me to the weak points in my setup I'd appreciate it!

vsgherzi, today at 9:25 AM

I really wish we would’ve gotten something more like jails or zones. Or better yet put the containers in a jail or zone. Is there a comprehensive sandbox for Linux like the bsds have?

matheusmoreira, today at 10:20 AM

Why not run a proper virtual machine?

jeswin, today at 9:03 AM

> Make sure you're running a rootless VM engine (e.g. podman instead of docker)!

Aren't most people running docker rootless (at least on Linux)? Does podman do more?

mentalgear, today at 10:00 AM

You may run

> podman info --format '{{.Host.Security.Rootless}}'

to ensure podman is rootless in your config.

cyanydeez, today at 9:34 AM

I wish opencode would have a protocol that puts real guardrails around its agents. Rather than having to try and transplant, we've had ssh for decades; surely you can wire a comms pathway that can't deviate.