If there is any attack surface within a properly-configured container, that's a kernel bug, right?
Probably. If I remember correctly, containers on Linux are implemented using the kernel's namespaces. The same ones which became famous for the vulnerabilities they surfaced in previously unexercised code.
Probably. If I remember correctly, containers on Linux are implemented using the kernel's namespaces. The same ones which became famous for the vulnerabilities they surfaced in previously unexercised code.