Container Breakout Proof-of-Concept
Oh serious?!? A root user with access to the host kernel can do bad things? I am shocked!
At Docker we take security very seriously and try to be as transparent as possible. This morning proof of concept exploit code was published showing how to break out of a Docker Engine 0.11 container. The proof of concept exploit relies on a kernel capability that allows a process to open any file in the host based on its inode. On most systems, th...