Comment by zie
You can make containers mostly as hardened, security-wise, as a VM (but generally none of that comes by default). The big thing you can't get that a VM gives you is a new kernel instance. In a VM you have to break 2 kernels to totally own a machine.
In a container, provided the container software doesn't do it for you (which is likely true), you just have to break 1 kernel.