Linux containers are at most a privilege escalation away from breaking. Also, is... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		marcosdumay on July 5, 2015 \| parent \| context \| favorite \| on: Try PostgreSQL 9.5 Linux containers are at most a privilege escalation away from breaking. Also, isn't Docker people the ones talking about unikernels? Where everything run not only with superuser powers, but at kernel level?

rmgraham on July 5, 2015 [–]

Though in a Unikernel, the kernel only implements what is needed to run the service. So a database, for example, would be lacking functionality like a shell to escape to.. or even a TTY to run that shell on.. or an implementation of connect() to even initiate outbound TCP connections, in the extreme case.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact