1 Comment

I thought it is possible to create namespaces where a container thinks it's running something as root but when in reality it's running as a different user if looked at from the host. There is some isolation that has been improved now when using docker/kubernetes. Am I misunderstood?

Expand full comment