

Docker breakout exploit analysis - jenandre
https://medium.com/@fun_cuddles/docker-breakout-exploit-analysis-a274fff0e6b3

======
amluto
_sigh_

Linux has had user namespaces for a while, and user namespaces solve this
problem.

Yes, they have their share of bugs (I've found quite a few of them), but
they're _far_ better than doing containerization with funny cgroup games and
crossed fingers (i.e. what Docker does now).

~~~
philips
This is coming to Docker. libcontainer is getting support for user
namespaces[1] and the Docker engine will have a static configurable root map
once the changes land.

[1] https://github.com/docker/libcontainer/pull/23

