Containers are often thought of as creating a light isolation boundary at the applicationlevel; an issue in one container won’t disturb the others containers. However, containers co-exist on the same host, sharing the same underlying OS and hardware resources.
The reality is that isolation cannot be treated as a security property of containers. Because containers share hosts, any compromise of the host—such as via kernel exploitation—removes the assumed isolation boundary. As a result, access to one container allows access to all other resources on the host.
Please fill all the required * fields.