• lemmyvore@feddit.nl
    3 upvotes, 7 downvotes · 1 year ago

    Correct me if I’m wrong, but containerization is enforced by the kernel, correct? If something escapes, you’re pretty much screwed anyway.

    • Atemu
      13 upvotes · 1 year ago

      There are many layers involved in preventing escapes from containers.

    • Sethayy@sh.itjust.works
      2 upvotes · 1 year ago

      Way too dependent on the setup. A container with absolutely no outside access theoretically just has the kernel, but usually we want to communicate with our Docker images, not just run them.