It is security boundary but a weak one. Escaping from docker is very hard. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cute_boi 8 hours ago \| parent \| context \| favorite \| on: How we run Firecracker VMs inside EC2 and start br... It is security boundary but a weak one. Escaping from docker is very hard.
		help

rvz 4 hours ago [–]

> Escaping from docker is very hard.

You mean a microVM.

A docker LPE (local privilege escalation) requires a kernel exploit such as Copyfail would work under docker but not in a microVM.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact