Comment by scuff3d
I feel like a crazy person reading these comments, "oh it tries to bypass limitations, delete files, and generally nuke my system... But it's cool, I trust it"
> I feel like a crazy person reading these comments, "oh it tries to bypass limitations, delete files, and generally nuke my system... But it's cool, I trust it"
Exactly. Also, it's not clear to me if some of these people think that containers are a sandbox or they simply don't care about security.
For anyone out there who thinks that containers are a sandbox...
There's a reason why gVisor exists:
https://github.com/google/gvisor#why-does-gvisor-exist
There's a reason why secureblue doesn't use containers:
https://news.ycombinator.com/item?id=45045190
There's a reason why Qubes OS doesn't use containers.