undefined | Better HN

0 pointsoofbey6mo ago0 comments

A docker container isn’t as bulletproof as a VM but it would certainly block this kind of attack. They’re super fast and easy to spin up.

0 comments

It would not block many other attacks.

oofbeyOP6mo ago

Can you give some examples? I think of my containers as decently good security boundaries, so I'd like to know what I'm missing.

kwar136mo ago

Containers share resources at the OS level, VMs don't. That's the crucial difference.

Containers share the whole kernel (and more) so there's a massive attack surface.

j / k navigate · click thread line to collapse

It would not block many other attacks.

oofbeyOP6mo ago

Can you give some examples? I think of my containers as decently good security boundaries, so I'd like to know what I'm missing.

kwar136mo ago

Containers share resources at the OS level, VMs don't. That's the crucial difference.

Containers share the whole kernel (and more) so there's a massive attack surface.

j / k navigate · click thread line to collapse