Beyond a method of software distribution, docker containers are also a nice sandbox. Apps run inside docker will have very limited access to the rest of the system unless you explicitly give access.


But don’t assume it is a security perimeter, mostly because the Docker developers don’t.

It’s a lock on the door - keeps honest people honest and erroneous rm -rf confined. But it might not stop a determined hacker.


Sandboxing should be left to the OS/User and not part of the "binary" distribution method imo


Not at all. Docker is a security disaster.



