
What’s the difference between containers and virtual machines? - CrankyBear
https://blogs.dxc.technology/2019/03/11/whats-the-difference-between-containers-and-virtual-machines/
======
LinuxBender
_So, if containers are so wonderful why aren’t we all using them in place of
VMs? There are several reasons. First, containers are theoretically more
insecure than VMs._

Container breakout can be mitigated with SELinux. It can take a little more
initial setup to get that working, but we have mitigated 0-day vulns by having
SELinux enabled on Docker hosts.

_In practice, containers can also hold bad, out-of-date software that comes
with security issues. Containers can also be harder to manage–albeit
Kubernetes is taking care of the management issue._

This same issue applies equally to bare metal, VMs and containers. It comes
down to your build pipelines and the discipline of your org. If anything,
containers are easier to rebuild and deploy. VM images are usually a bit
bigger. Bare metal images even more so.
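
An added example, not part of the comment above: one way to audit whether the SELinux confinement the comment relies on is actually in effect, by checking a Docker `daemon.json` and `docker inspect` output for containers that opted out of labeling. The sample JSON and the `audit` function are constructed for illustration; the host itself must also be in enforcing mode, which this check does not cover.

```python
import json

# Constructed sample data: a daemon.json and trimmed `docker inspect` output.
DAEMON_JSON = '{"selinux-enabled": true}'
INSPECT_JSON = """[
 {"Name": "/web",
  "ProcessLabel": "system_u:system_r:container_t:s0:c12,c34",
  "HostConfig": {"SecurityOpt": null}},
 {"Name": "/legacy",
  "ProcessLabel": "",
  "HostConfig": {"SecurityOpt": ["label=disable"]}},
 {"Name": "/agent",
  "ProcessLabel": "system_u:system_r:spc_t:s0",
  "HostConfig": {"SecurityOpt": ["label=type:spc_t"]}}
]"""

# SELinux types that do not confine the container process.
UNCONFINED_TYPES = {"spc_t", "unconfined_t"}


def audit(daemon_json, inspect_json):
    """Return (subject, finding) tuples for missing SELinux confinement."""
    findings = []
    if json.loads(daemon_json).get("selinux-enabled") is not True:
        findings.append(("daemon", "selinux-enabled is not true"))
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        opts = c.get("HostConfig", {}).get("SecurityOpt") or []
        label = c.get("ProcessLabel") or ""
        # Both "label=disable" and the older "label:disable" spelling occur.
        if any(o.replace(":", "=", 1) == "label=disable" for o in opts):
            findings.append((name, "started with label=disable"))
        elif not label:
            findings.append((name, "no SELinux process label"))
        else:
            # Label format is user:role:type:level.
            parts = label.split(":")
            if len(parts) > 2 and parts[2] in UNCONFINED_TYPES:
                findings.append((name, "unconfined type " + parts[2]))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(DAEMON_JSON, INSPECT_JSON):
        print(f"{subject}: {finding}")
```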

