
I feel like a crazy person reading these comments, "oh it tries to bypass limitations, delete files, and generally nuke my system... But it's cool, I trust it"




Exactly. Also, it's not clear to me if some of these people think that containers are a sandbox or they simply don't care about security.

For anyone out there who thinks that containers are a sandbox...

There's a reason why gVisor exists:

https://github.com/google/gvisor#why-does-gvisor-exist

There's a reason why secureblue doesn't use containers:

https://news.ycombinator.com/item?id=45045190

There's a reason why Qubes OS doesn't use containers.



