Containers are great for isolating trusted applications from one another to ease deployment, but using them for multi-tenant security is ill advised.
Since all containers share the same kernel, any local privilege escalation vulnerability in Linux can be used to escape the container. Such vulnerabilities are much more common than vulnerabilities in mature hypervisors, so virtualization is the safer choice.
Could you explain what the implications are? I can see it going really bad if the simple /dev/urandom is shared, but what are the practical risks for /dev/random? (apart from the simple DoS on host/all containers by draining)
Agree. I keep telling people that containers may provide some benefits, but it's really not security (especially Docker, which uses LXC, which is still not complete and, as you said, uses a shared kernel. One plus point is Ubuntu's combination with AppArmor, which mitigates certain attacks, but configuring AppArmor is itself often overlooked. Other distros are worse).
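The two comments above (the question about draining /dev/random, and the point that AppArmor confinement is often left unconfigured) both come down to "what does the kernel actually apply to my container?". The script below is an added example, not code from the thread or from the Docker project: run it inside a container and it reports the AppArmor profile, seccomp mode and capability bounding set of the process, the kernel release (which will match the host's, since the kernel is shared), and the kernel's current entropy estimate. It assumes a Linux /proc layout (/proc/self/attr/current, /proc/self/status, /proc/sys/kernel/random/entropy_avail) and falls back to "unavailable" where a file is missing.

```shell
#!/bin/sh
# Added example (not from the thread): report what the shared kernel is
# actually enforcing on this process. Useful inside a container to confirm
# that an AppArmor profile and a seccomp filter are really applied.
# Assumes a Linux /proc layout; every reader degrades to "unavailable".

# AppArmor label of the current process: "unconfined", or
# "<profile> (enforce)" / "<profile> (complain)". Assumed path: /proc/self/attr/current.
apparmor_profile() {
  ap_out=$(cat /proc/self/attr/current 2>/dev/null | tr -d '\0' || true)
  if [ -n "$ap_out" ]; then
    echo "$ap_out"
  else
    echo "unavailable"
  fi
}

# Seccomp mode from /proc/self/status: 0 = none, 1 = strict, 2 = BPF filter.
seccomp_mode() {
  sc_mode=$(awk '/^Seccomp:/ { print $2 }' /proc/self/status 2>/dev/null || true)
  case "$sc_mode" in
    0) echo "disabled" ;;
    1) echo "strict" ;;
    2) echo "filter" ;;
    *) echo "unavailable" ;;
  esac
}

# Capability bounding set (hex mask). A full mask means no capabilities were
# dropped, i.e. a root process in the container is root as far as the kernel cares.
cap_bounding_set() {
  cb_mask=$(awk '/^CapBnd:/ { print $2 }' /proc/self/status 2>/dev/null || true)
  if [ -n "$cb_mask" ]; then
    echo "$cb_mask"
  else
    echo "unavailable"
  fi
}

# Kernel release: identical inside and outside the container, which is the
# whole point of the "shared kernel" argument.
kernel_release() {
  uname -r
}

# Kernel entropy estimate (bits). Blocking readers of /dev/random in any
# container drain this pool for every tenant on the host.
entropy_avail() {
  if [ -r /proc/sys/kernel/random/entropy_avail ]; then
    cat /proc/sys/kernel/random/entropy_avail
  else
    echo "unavailable"
  fi
}

# Returns 0 (true) only if at least one of the two kernel-level mechanisms
# the thread discusses is actually active for this process.
is_confined() {
  case "$(apparmor_profile)" in
    *"(enforce)"*) return 0 ;;
  esac
  [ "$(seccomp_mode)" = "filter" ] && return 0
  return 1
}

confinement_report() {
  echo "kernel release : $(kernel_release)"
  echo "apparmor       : $(apparmor_profile)"
  echo "seccomp        : $(seccomp_mode)"
  echo "cap bounding   : $(cap_bounding_set)"
  echo "entropy_avail  : $(entropy_avail)"
  if is_confined; then
    echo "verdict        : LSM/seccomp confinement active"
  else
    echo "verdict        : NO enforcing AppArmor profile and NO seccomp filter"
  fi
}

confinement_report
```

On a host where Docker applies its default AppArmor profile the first line of the verdict should show `docker-default (enforce)`; `unconfined` together with `seccomp: disabled` is the misconfiguration the comment above is warning about.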
If you want to secure one app from another, just use separate hardware.
We didn't have an irresponsible disclosure. We did recently present some of this information and were asked about our security policy. That policy wasn't yet published or announced so we decided it was important to get it out there, especially leading up to the Docker 1.0 release.
Please feel free to contact me, james@docker.com, if you have any questions or concerns about the policy.
Hm, maybe my comment sounded more harsh than I meant it to - I was more curious because I've seen similar statements from other companies after something bad had happened. Thanks for clarifying.