undefined | Better HN

0 pointsimmibis9mo ago0 comments

then it affects each one separately since they are separate processes. The fact they run the same code is irrelevant if the data is separate.

0 comments

galangalalgol9mo ago

Separate processes running the same shared instructions. If you compromise and modify those shared instructions, the othe container runs instructions of your choosing.

kbolino9mo ago

Layers are COW so one container modifying a layer has no effect on other containers started from the same image. Of course, preexisting vulnerabilities will remain but they'd have to be separately exploited in each container.

galangalalgol9mo ago

I learned something new today! Thank you.

Edit: to be clear, I knew the disk was COW but I thought it saved memory by loading one instance of shared objects into memory.

1 more reply

j / k navigate · click thread line to collapse

0 comments

galangalalgol9mo ago

Separate processes running the same shared instructions. If you compromise and modify those shared instructions, the othe container runs instructions of your choosing.

kbolino9mo ago

galangalalgol9mo ago

I learned something new today! Thank you.

Edit: to be clear, I knew the disk was COW but I thought it saved memory by loading one instance of shared objects into memory.

1 more reply

j / k navigate · click thread line to collapse