undefined | Better HN

0 pointsoofbey7mo ago0 comments

A docker container isn’t as bulletproof as a VM but it would certainly block this kind of attack. They’re super fast and easy to spin up.

0 comments

It would not block many other attacks.

oofbeyOP7mo ago

Can you give some examples? I think of my containers as decently good security boundaries, so I'd like to know what I'm missing.

kwar137mo ago

Containers share resources at the OS level, VMs don't. That's the crucial difference.

Containers share the whole kernel (and more) so there's a massive attack surface.

j / k navigate · click thread line to collapse

It would not block many other attacks.

oofbeyOP7mo ago

Can you give some examples? I think of my containers as decently good security boundaries, so I'd like to know what I'm missing.

kwar137mo ago

Containers share resources at the OS level, VMs don't. That's the crucial difference.

Containers share the whole kernel (and more) so there's a massive attack surface.

j / k navigate · click thread line to collapse