What is "container escape", and what are common mitigations?
Correct Answer (B)
A container escape is when a process gains access to host resources outside its isolation (via a kernel bug, privileged mode, or bad mounts); mitigations include avoiding "--privileged", running as non-root, using seccomp/AppArmor, and patching the kernel
Because containers share the host kernel rather than running their own, a single kernel vulnerability or an overly permissive configuration (privileged mode, added capabilities such as CAP_SYS_ADMIN, a bind-mounted Docker socket or host filesystem, host PID or network namespaces) can let a process cross the container boundary and affect the host or every other container on it. The mitigations are layered: never run with "--privileged", drop capabilities and add back only what the workload needs, run as an unprivileged user, keep the default seccomp and AppArmor/SELinux profiles enabled, avoid mounting host paths or sockets into the container, and patch the host kernel promptly, since no container-level setting protects against a kernel bug.
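As an added example (not part of the quiz), the Python script below audits a container's settings for the escape-enabling configuration mistakes listed above. It reads a document laid out like the JSON that `docker inspect` returns (HostConfig.Privileged, HostConfig.CapAdd, HostConfig.SecurityOpt, HostConfig.Binds, Mounts, Config.User); both sample documents are constructed for illustration rather than captured from a real host, and the list of "dangerous" capabilities and sensitive host paths is the author's own starting point, not an official list.

```python
"""Audit a container for settings that make a container escape easier.

Added example: the input mimics the layout of `docker inspect` output
(HostConfig.Privileged, HostConfig.CapAdd, HostConfig.SecurityOpt,
HostConfig.Binds, Mounts, Config.User). The sample documents below are
constructed for illustration, not captured from a real host.
"""
import json

# Capabilities that, on their own, are commonly enough to reach the host
# (mount filesystems, ptrace host processes, load modules, raw device IO).
# Assumed starting list; extend it for your own environment.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE",
                  "DAC_READ_SEARCH", "SYS_RAWIO", "NET_ADMIN"}

# Host paths that should never be bind-mounted into an untrusted container.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/run/docker.sock",
                        "/proc", "/sys", "/dev", "/etc", "/root")


def _is_sensitive_host_path(path):
    """True for '/', a sensitive path, or anything beneath one."""
    norm = path.rstrip("/") or "/"
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_container(doc):
    """Return human-readable findings; an empty list means nothing risky was seen."""
    host = doc.get("HostConfig") or {}
    cfg = doc.get("Config") or {}
    findings = []

    if host.get("Privileged"):
        findings.append("privileged: --privileged grants every capability and all host devices")

    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        name = name[4:] if name.startswith("CAP_") else name
        if name in DANGEROUS_CAPS:
            findings.append(f"capability: CAP_{name} added")

    # Both "seccomp=unconfined" and the older "seccomp:unconfined" spelling.
    for opt in host.get("SecurityOpt") or []:
        if opt.replace(":", "=") in ("seccomp=unconfined", "apparmor=unconfined"):
            findings.append(f"security-opt: {opt} disables a syscall filter or MAC profile")

    for mode in ("PidMode", "NetworkMode", "IpcMode", "UTSMode"):
        if host.get(mode) == "host":
            findings.append(f"namespace: {mode}=host shares that host namespace")

    # Bind mounts appear as "src:dst[:opts]" strings in Binds or as
    # structured entries in Mounts; check the host-side source of each.
    sources = [b.split(":")[0] for b in host.get("Binds") or []]
    sources += [m.get("Source", "") for m in doc.get("Mounts") or [] if m.get("Type") == "bind"]
    for src in sources:
        if src and _is_sensitive_host_path(src):
            findings.append(f"mount: host path {src} is bind-mounted into the container")

    # Config.User is "" (defaults to root), "uid", "name", "uid:gid" or "name:group".
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("user: process runs as root inside the container")

    return findings


# Constructed sample: a typical "just make it work" configuration.
WEAK_CONTAINER = {
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["SYS_ADMIN"],
        "SecurityOpt": ["seccomp=unconfined"],
        "PidMode": "host",
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
    },
    "Mounts": [{"Type": "bind", "Source": "/etc", "Destination": "/host-etc"}],
}

# Constructed sample: the same service with the answer's mitigations applied.
HARDENED_CONTAINER = {
    "Config": {"User": "10001:10001"},
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["NET_BIND_SERVICE"],
        "CapDrop": ["ALL"],
        "SecurityOpt": ["no-new-privileges:true"],
        "Binds": ["/srv/app/data:/data:ro"],
    },
    "Mounts": [{"Type": "volume", "Source": "app-cache", "Destination": "/cache"}],
}


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_CONTAINER), ("hardened", HARDENED_CONTAINER)):
        print(name, json.dumps(audit_container(doc), indent=2))
```

Run it against real data with `docker inspect <container> | python -c 'import json,sys; ...'` feeding each element of the array to `audit_container`; the weak sample yields six findings (added CAP_SYS_ADMIN, seccomp disabled, host PID namespace, the Docker socket and /etc mounted, root user) while the hardened one yields none. The check is deliberately configuration-only: it tells you the container is one kernel bug away from the host, which is exactly why kernel patching stays on the mitigation list.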