I see Docker mentioned every other thread and was wondering how useful it is for non-development things, and if so what they are.
Also, if server software running in a container gets compromised, hopefully the container can contain the compromise from spreading to the rest of the system.
Depends.
If there are no external volumes and the container is in its own network without any other containers, then any malware in the container shouldn’t be able to reach / affect the host server, because it’s isolated.
Even with external volumes, I don’t think there should be any mechanism where a container can escape a bind mount to affect the rest of the host fs? I use bind mounts all the time, far more than docker volumes.
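An added example, not part of the thread: a small audit that checks the two conditions discussed above (no external mounts, and a network not shared with other containers) against `docker inspect` output. The container names, paths and network names in the sample are constructed.

```python
import json

# Constructed sample shaped like `docker inspect` output, trimmed to the fields used.
SAMPLE = json.loads("""
[
 {"Name": "/web",
  "Mounts": [{"Type": "bind", "Source": "/srv/web", "Destination": "/data", "RW": true}],
  "NetworkSettings": {"Networks": {"frontend": {}}}},
 {"Name": "/db",
  "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/dbdata/_data",
              "Destination": "/var/lib/db", "RW": true}],
  "NetworkSettings": {"Networks": {"frontend": {}}}},
 {"Name": "/sandbox", "Mounts": [],
  "NetworkSettings": {"Networks": {"sandbox_net": {}}}}
]
""")

def audit(containers):
    """Return {container: [findings]}. An empty list means the container
    has no mounts and is alone on every network it is attached to."""
    # Map each network name to the set of containers attached to it.
    members = {}
    for c in containers:
        for net in c["NetworkSettings"]["Networks"]:
            members.setdefault(net, set()).add(c["Name"].lstrip("/"))

    report = {}
    for c in containers:
        name = c["Name"].lstrip("/")
        findings = []
        # Any bind mount or volume is host-side storage the container can reach.
        for m in c.get("Mounts") or []:
            mode = "rw" if m.get("RW") else "ro"
            findings.append(f"{m['Type']} mount {m['Source']} -> {m['Destination']} ({mode})")
        for net in c["NetworkSettings"]["Networks"]:
            peers = sorted(members[net] - {name})
            if net == "host":
                findings.append("uses the host's network stack")
            elif peers:
                findings.append(f"network {net} shared with: {', '.join(peers)}")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "no mounts, no shared network")
```

To run it against a real host, replace `SAMPLE` with the parsed output of `docker inspect $(docker ps -q)`.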