1b:I[1659,["874","static/chunks/874-5853b36c417a5f43.js","598","static/chunks/598-8e8b350c69b61725.js","735","static/chunks/735-5d5145bb0f79dc16.js","405","static/chunks/app/%5Blocale%5D/item/%5Bid%5D/page-b0ef2b6c2502e4ad.js"],"default"] 1c:I[8170,["874","static/chunks/874-5853b36c417a5f43.js","598","static/chunks/598-8e8b350c69b61725.js","735","static/chunks/735-5d5145bb0f79dc16.js","405","static/chunks/app/%5Blocale%5D/item/%5Bid%5D/page-b0ef2b6c2502e4ad.js"],"default"] 1a:[["$","$L1b",null,{"story":{"by":"jenandre","descendants":2,"id":7913420,"kids":[{"by":"amluto","id":7913797,"kids":[7913877],"parent":7913420,"text":"sigh

Linux has had user namespaces for a while, and user namespaces solve this problem.

Yes, they have their share of bugs (I've found quite a few of them), but they're far better than doing containerization with funny cgroup games and crossed fingers (i.e. what Docker does now).","time":1403138606,"type":"comment"}],"score":16,"text":"","time":1403131973,"title":"Docker breakout exploit analysis","type":"story","url":"https://medium.com/@fun_cuddles/docker-breakout-exploit-analysis-a274fff0e6b3"},"locale":"zh","dictionary":"$6:props:children:1:props:children:1:props:children:0:props:dictionary","comments":[{"by":"amluto","id":7913797,"kids":"$1a:0:props:story:kids:0:kids","parent":7913420,"text":"sigh

Linux has had user namespaces for a while, and user namespaces solve this problem.

Yes, they have their share of bugs (I've found quite a few of them), but they're far better than doing containerization with funny cgroup games and crossed fingers (i.e. what Docker does now).","time":1403138606,"type":"comment"}]}],["$","div",null,{"className":"space-y-6 mt-8","children":[["$","h2",null,{"className":"text-lg font-semibold border-b pb-2","children":"1 comment"}],["$","div",null,{"className":"space-y-6","children":[["$","$L1c","7913797",{"comment":"$1a:0:props:comments:0","locale":"zh","dictionary":"$6:props:children:1:props:children:1:props:c