Revision history
Edit by Harliff, (current version):
Judging by the link, it is talking about ancient times; the situation has changed since then. By the way, there is a comment at the end:
Worth noting that with Docker 1.10+ and User namespacing, the root user inside a container is no longer the root user outside of the container. Whilst that reduces the risk of breakout, it also prevents this scenario of loading a kernel module, as the root user inside the container wouldn't have the appropriate rights outside the container. – Rory McCune Feb 12 '16 at 18:20
Could we get something fresher and more concrete (without abstractions along the lines of "now if you happened to have an exploit...")?
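As an added example (not part of Harliff's comment or Rory McCune's, and not Docker's own code): a POSIX shell helper that resolves a container UID to its host UID through the /proc/<pid>/uid_map table that user-namespace remapping produces, which is exactly the mechanism behind "root inside is not root outside". The three sample maps are constructed; the 100000 base and 65536 range are assumed to match the usual /etc/subuid defaults, and the rootless-style map is likewise illustrative.

```shell
#!/bin/sh
# Added example: resolve a container UID to the host UID via a
# /proc/<pid>/uid_map table. Not from the original comment or from Docker.
# uid_map format, one range per line:  <id inside ns> <id outside ns> <count>

# map_uid UID MAP_TEXT -> prints the host UID, or "unmapped" if UID is in no range
map_uid() {
    printf '%s\n' "$2" | awk -v uid="$1" '
        NF == 3 && uid >= $1 && uid < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# root_is_host_root MAP_TEXT -> exit 0 only when container UID 0 is host UID 0
root_is_host_root() {
    [ "$(map_uid 0 "$1")" = "0" ]
}

# Constructed sample maps (assumed values, not read from a real host):
IDENTITY_MAP='0 0 4294967295'   # no user namespace: container root == host root
REMAP_MAP='0 100000 65536'      # userns-remap with a subuid range 100000-165535
ROOTLESS_MAP='0 1000 1
1 100000 65536'                 # rootless-style: ns root == host uid 1000, rest from subuid

# describe NAME MAP_TEXT -> one line saying what container root is on the host
describe() {
    name="$1"; map="$2"
    if root_is_host_root "$map"; then
        printf '%s: container root is host root (uid 0)\n' "$name"
    else
        printf '%s: container root is host uid %s, unprivileged outside the namespace\n' \
            "$name" "$(map_uid 0 "$map")"
    fi
}

# Live check: on Linux (host or inside a container) read our own map.
self_root_target() {
    [ -r /proc/self/uid_map ] && map_uid 0 "$(cat /proc/self/uid_map)"
}

describe identity "$IDENTITY_MAP"
describe remap    "$REMAP_MAP"
describe rootless "$ROOTLESS_MAP"
```

Run it inside a container (`docker run --rm -v ./uidmap.sh:/uidmap.sh alpine sh /uidmap.sh`) and compare the output of `self_root_target` against the sample maps: an identity map means the in-container root really is host root and anything it can do with capabilities like CAP_SYS_MODULE happens on the host, whereas a remapped table means the kernel will refuse such operations because the caller's UID has no privilege in the initial user namespace.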
Edit by Harliff, :
Judging by the link, it is talking about ancient times; the situation has changed since then. By the way, there is a comment at the end:
Worth noting that with Docker 1.10+ and User namespacing, the root user inside a container is no longer the root user outside of the container. Whilst that reduces the risk of breakout, it also prevents this scenario of loading a kernel module, as the root user inside the container wouldn't have the appropriate rights outside the container. – Rory McCune Feb 12 '16 at 18:20
Could we get something fresher and more concrete (without abstractions along the lines of "now if you happened to have an exploit..."?
Edit by Harliff, :
Judging by the link, it is talking about ancient times; the situation has changed since then. By the way, there is a comment at the end:
Worth noting that with Docker 1.10+ and User namespacing, the root user inside a container is no longer the root user outside of the container. Whilst that reduces the risk of breakout, it also prevents this scenario of loading a kernel module, as the root user inside the container wouldn't have the appropriate rights outside the container. – Rory McCune Feb 12 '16 at 18:20
Original version by Harliff, :
Worth noting that with Docker 1.10+ and User namespacing, the root user inside a container is no longer the root user outside of the container. Whilst that reduces the risk of breakout, it also prevents this scenario of loading a kernel module, as the root user inside the container wouldn't have the appropriate rights outside the container. – Rory McCune Feb 12 '16 at 18:20