
Docker containers can sandbox GUI apps[0], but I don't know if it's secure enough. Maybe not.

[0]: https://news.ycombinator.com/item?id=8426764



I'm not sure if Docker is the right solution here; a VM would seem to be much better at this kind of isolation.

https://zeltser.com/security-risks-and-benefits-of-docker-ap...


The only concern I share with the author is this:

The isolation provided by Docker is not as robust as the segregation established by hypervisors for virtual machines.

As seen with CVE-2015-3629[0] for instance.

The other points, patch level and Docker management not being understood, seem to be people problems which can easily be corrected.

[0]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3629


So Docker running your Firefox probably won't be as secure as doing it in a VM, but it will start pretty much instantly on your desktop where your VM won't, and it will be more secure than just running it natively.


Most tutorials show sharing an X11 server, but that's not a great security solution as X11 is totally insecure. But I am working on this with my project subuser. See http://subuser.org/news/0.3.html



