Security and boundaries
Posted Aug 25, 2014 19:04 UTC (Mon) by jejb (subscriber, #6654)
In reply to: Security and boundaries by spender
Parent article: Security and boundaries
> Given that I've had script kids email me about their private exploits that break out of OpenVZ, that's false.
I didn't say it was impossible; I did say, based on ten years of customer experience, it doesn't seem to happen in the wild. I've got a variety of possible exploits for sets of containers and hypervisors which security people love to construct. The fact is that hackers in the wild get paid per compromised system. All the known Virtual Environment exploits are difficult two-level ones (get into the system, then get into the host). In today's homogeneous environment, it's way more profitable to use a single-level exploit to compromise all the hosts than an elaborate two-level one.
> Even my own enlightenment exploit framework turns any kernel exploit into one that breaks out of any container: OpenVZ, linux-vserver, LXC, chroots, user namespaces.
I see that as a net win for containers: most guest-to-host exploits are zero-day kernel privilege escalation bugs, which tend to have a lot of people looking for them and which get fixed as soon as they're found. The hypervisor equivalents lurk in much less well used and tested code.
> I think this distorted view of reality has much more to do with:
> "The customers of Parallels (where Bottomley is the CTO)"
> Parallels happens to sell a "solution" using containers:
> http://sp.parallels.com/products/pvc/
We all peddle a commodity ... even security advice. The best way of handling apparent conflicts like this is transparency. Experts tend to practise their expertise for remuneration, so if you distrust them because of that, then you're left with only believing people who don't know what they're talking about.
