Christopher Allan Webber at 2014-12-23T22:47:17Z


  • It seems pretty easy to escalate oneself out of the docker container (I saw @joeyh do it, and I think it's been done multiple other times before)
  • "verifying signatures" without doing so at all
  • a container system which is closer to VMs in heaviness but seems to be mistaken by many for a solution where you want to dockerize a whole OS

... well, it's not a pretty picture. At least the Docker hype is exciting people about the possibility of other container solutions!

I am not interested in Docker/Rocker/etc. for security. I'm interested in people being able to deploy their own "OS" across a cluster while still keeping the hardware interface centrally managed via the outer OS. I fully intend to punch holes through the container for Infiniband, GPU access, etc. Security is managed elsewhere for my area's application.

at 2014-12-27T00:46:15Z