
Out of curiosity, where you say Docker is "insecure", what specific aspects of Docker were you thinking of?



The docker daemon runs as a privileged user, so if you're able to break out of the container (which has been shown possible recently) then you can compromise the entire host OS.


Could you provide a reference for how to break out?


https://www.twistlock.com/labs-blog/breaking-docker-via-runc...

This is from a CVE that was released a little over a month ago.


That was a runc vuln, which affected other containerization solutions on Linux, not just docker.

Also it didn't really have anything to do with the Docker daemon running as root, it was triggered by the use of root users in containers (blocked if the user didn't do that, had decent SELinux setups or used user namespaces).
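The last comment names root users in containers and user namespaces as the conditions that mattered. As an added example (not written by any commenter in this thread), this Python check reads a process's `Uid:` line and its `uid_map` and reports whether in-container root maps to host root; the function names are hypothetical and the sample inputs are constructed. It does not cover the SELinux condition.

```python
# Added example: classify a containerized process by effective UID and
# user-namespace mapping. Sample inputs below are constructed, not captured.

def parse_uid_map(text):
    """Parse /proc/<pid>/uid_map: 'inside_start outside_start length' per line."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            inside, outside, length = (int(f) for f in fields)
            ranges.append((inside, outside, length))
    return ranges

def host_uid(inside_uid, ranges):
    """Translate a UID inside the namespace to the parent namespace, or None."""
    for inside, outside, length in ranges:
        if inside <= inside_uid < inside + length:
            return outside + (inside_uid - inside)
    return None

def effective_uid(status_text):
    """Extract the effective UID from /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            return int(line.split()[2])  # fields: real, effective, saved, fs
    raise ValueError("no Uid: line in status text")

def assess(status_text, uid_map_text):
    euid = effective_uid(status_text)
    if euid != 0:
        return "non-root user in container"
    mapped = host_uid(0, parse_uid_map(uid_map_text))
    if mapped == 0:
        return "container root is host root (no user namespace remap)"
    if mapped is None:
        return "container root is unmapped on host"
    return f"container root remapped to host uid {mapped}"

# Constructed samples: root without remap, root with remap, non-root user.
STATUS_ROOT = "Name:\tsh\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
STATUS_USER = "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\n"
MAP_HOST = "         0          0 4294967295\n"
MAP_REMAP = "         0     100000      65536\n"

if __name__ == "__main__":
    # Run inside a container to assess the current process.
    with open("/proc/self/status") as s, open("/proc/self/uid_map") as m:
        print(assess(s.read(), m.read()))
```

Run it inside a container to see which of the three cases applies to that workload.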



