It is well known that containers do not provide you with safe isolation. It is not their purpose. They share the kernel and page cache with the host. Any kernel exploit gives someone in a container potential root control of the host (see Dirty Pipe, Dirty COW). That's why you need VM-level isolation.
Today I'm one of the lucky 10k: https://xkcd.com/1053/
Lucky you! And lucky me for sharing the info :)