sielaq
commented
8 years ago Yes I'm aware of it, but this is the only way to spawn containers from container. But this has nothing to do with spawned containers - those depends on you and how you spawn it. If you spawn containers without privileges, without mouthing extra mount-points - then it is as secured as typical docker container (is docker container enough secured ?)
Hi,
Is there a way to run PanteraS without bind mounting
/var/run/docker.sock? As I'm sure you're aware, this basically gives the PanteraS container full privileges on the host and could open risks for multi-tenant environments. Do you agree? Would it be possible to break out of the PanteraS container by using a spawned container running right next to it?