Christopher Allan Webber at 2014-12-23T22:47:17Z

Combine:

  • It seems pretty easy to escalate oneself out of the Docker container (I saw @joeyh do it, and I think it's been done multiple other times before)
  • "verifying signatures" without doing so at all
  • a container system which is closer to VMs in heaviness but seems to be mistaken by many for a solution where you want to dockerize a whole OS

... well, it's not a pretty picture. At least the Docker hype is exciting people about the possibility of other container solutions!

I am not interested in Docker/Rocker/etc. for security. I'm interested in people being able to deploy their own "OS" across a cluster while still keeping the hardware interface centrally managed via the outer OS. I fully intend to punch holes through the container for Infiniband, GPU access, etc. Security is managed elsewhere for my area's application.

jasonriedy@fmrl.me at 2014-12-27T00:46:15Z