zlacker

1. socalg+(OP) 2025-12-17 22:40:48
that's a really good point .. but, I think 99% of docker users believe it is a sandbox and treat it as such.
replies(3): >>freedo+13 >>dist-e+m3 >>Tactic+1j
2. freedo+13 2025-12-17 23:00:02
>>socalg+(OP)
And not without cause. We've been pitching docker as a security improvement for well over a decade now. And it is a security improvement, just not as much as many evangelists implied.
replies(1): >>fragme+w3
3. dist-e+m3 2025-12-17 23:02:28
>>socalg+(OP)
it is a sandbox against unintentional attacks and mistakes (sudo rm -rf /)

but will not stop serious malware

4. fragme+w3 2025-12-17 23:03:20
>>freedo+13
Must depend on who you've been talking to. Docker's not been pitched for security in the circles I run in, ever.
5. Tactic+1j 2025-12-18 01:03:04
>>socalg+(OP)
Not 99%. Many people run a hypervisor and then a VM just for Docker.

Attacker now needs a Docker exploit and then a VM exploit before getting to the hypervisor (and, no, pwning the VM ain't the same as pwning the hypervisor).

replies(2): >>briHas+cy >>windex+tE
6. briHas+cy 2025-12-18 03:43:53
>>Tactic+1j
'Double-bagging it' was what we called it in my day.
7. windex+tE 2025-12-18 05:16:11
>>Tactic+1j
Agreed - this is actually pretty common in the Proxmox realm of hosters. I segment container nodes using LXC, and in some specific cases I'll use a VM.

Not only does it allow me to partition the host for workloads but I also get security boundaries as well. While it may be a slight performance hit the segmentation also makes more logical sense in the way I view the workloads. Finally, it's trivial to template and script, so it's very low maintenance and allows for me to kill an LXC and just reprovision it if I need to make any significant changes. And I never need to migrate any data in this model (or very rarely).
