Question 1

What is a container escape?

Accepted Answer

A container escape occurs when an attacker breaks out of the isolated container environment to gain access to the host operating system or other containers. This can happen through kernel vulnerabilities, misconfigured privileges (such as running containers as root or with the --privileged flag), exposed Docker sockets, or writable host mounts that allow the attacker to modify host files.

Question 2

How can I prevent container escape attacks?

Accepted Answer

Run containers with the least privileges necessary — avoid --privileged mode, drop unnecessary Linux capabilities, and use a non-root user inside the container. Enable seccomp profiles and AppArmor/SELinux policies. Keep the host kernel and container runtime patched. Never mount the Docker socket into containers, and use read-only filesystems where possible.

Container Escape

Challenges

Frequently Asked Questions