Docker Blog: Docker Container Breakout Proof-of-Concept Exploit | Docker Blog (James Turnbull)

At Docker we take security very seriously and try to be as transparent as possible. This morning proof of concept exploit code was published showing how to break out of a Docker Engine 0.11 container. The proof of concept exploit relies on a kernel capability that allows a process to open any file in the host based on its inode. On most systems, th...