Docker is not a sandbox. There is some work that can be done to harden it, but you're better off looking at genuinely sandboxing your dev environment.

What is genuine sandboxing? Everyone waves their hands by saying this.

Good question with a lot of possible answers. You can take sandboxing as far as you want, really. I typically just use bubblewrap (Linux).

I have a perfect setup inside Docker that works.

I would love to know why bubblewrap is a superior alternative.

Here's mine https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849...

My understanding is that Docker escapes are not all that difficult, and your aliases really aren't doing much to harden the container. But I am not an expert on the matter. I'm sure there is plenty of info online.

> My understanding is that docker escapes are not all that difficult,

  1. Show me how you would escape Docker
  2. Show me npm packages doing this in the wild
