#jailbreak - Escaping the container
It’s common knowledge that Docker containers should not be run in privileged mode with a shared host PID namespace, but why? In this case a malicious actor, assuming they have access to the container via exec or a vulnerable application, could gain root access to the host using a program like nsenter.
nsenter enables you to execute a process in the namespaces of another process, for example PID 1.
The following gives a concrete example of escaping a container, giving you access to the host’s file system and the ability to execute shell commands.
    $ docker-machine start default
    $ docker run --privileged --rm --pid=host -ti ubuntu
    # This gives you access to the host's file system
    $ nsenter --target 1 --mount sh
This is one of many ways you can escape a container. When running containers you will also want to drop other capabilities, such as the ability to reboot a host from inside the container.
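One way to find containers that were started with the flags shown above is to audit the JSON that `docker inspect` prints. This is an added example, not code from the original post. The severity labels, the script name `audit.py` and the sample container names are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `docker inspect` output, trimmed to the
# HostConfig fields checked below. Container names are made up.
SAMPLE = """[
  {"Name": "/debug-shell",
   "HostConfig": {"Privileged": true, "PidMode": "host", "CapDrop": null}},
  {"Name": "/web",
   "HostConfig": {"Privileged": false, "PidMode": "", "CapDrop": ["ALL"]}},
  {"Name": "/monitor",
   "HostConfig": {"Privileged": false, "PidMode": "host", "CapDrop": null}}
]"""


def audit(inspect_json):
    """Return {container_name: [findings]} for risky HostConfig settings."""
    report = {}
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig") or {}
        privileged = bool(host_config.get("Privileged"))
        host_pid = host_config.get("PidMode") == "host"
        findings = []
        if privileged and host_pid:
            # The exact combination the post uses for the nsenter escape.
            findings.append("CRITICAL: privileged with host PID namespace")
        elif privileged:
            findings.append("HIGH: privileged")
        elif host_pid:
            findings.append("MEDIUM: host PID namespace shared")
        # CapDrop is null or [] when nothing was dropped; a privileged
        # container is already covered by the findings above.
        if not privileged and not host_config.get("CapDrop"):
            findings.append("INFO: no capabilities dropped")
        report[container.get("Name", "").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) | python3 audit.py
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    for name, findings in audit(piped.strip() or SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```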