Docker User Namespaces

With the Docker daemon's default settings, a “container breakout” is possible: the container gains root privileges on the host file system. This allows the container to do things like access another user’s files, install malicious scripts and make them globally executable, or even perform the infamous “rm -rf […]