Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
lima
on Dec 16, 2019
|
parent
|
context
|
favorite
| on:
German BSI withholds Truecrypt security report
This is also nice for breaking in/out of Docker containers with bind mounts.
cyphar
on Dec 16, 2019
[–]
Not if you use user namespaces (which you really should).
lima
on Dec 17, 2019
|
parent
[–]
Which is not the default that Docker uses :(
One more reason to switch to podman, which has sane defaults.
cyphar
on Dec 17, 2019
|
root
|
parent
[–]
Or LXD/LXC which can run containers such that they are isolated from one another in terms of their id mappings.
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
