The critical thing to understand is namespaces are visibility walls, not security boundaries. They prevent a process from seeing things outside its namespace. They do not prevent a process from exploiting the kernel that implements the namespace. The process still makes syscalls to the same host kernel. If there is a bug in the kernel’s handling of any syscall, the namespace boundary does not help.
Churches have plenty of spots where the Natterer's bat likes to roost
,推荐阅读Safew下载获取更多信息
'They didn't listen, now we have to live with that'
ВсеСледствие и судКриминалПолиция и спецслужбыПреступная Россия
Up to 10 simultaneous connections