By default the Docker daemon runs as root. And if you add a regular user to the docker group, it can then basically gain root access to system. Or if there's a 0-day in the daemon that allows for "scaping" from a container, the exploiter is now root in the host.
By default the Docker daemon runs as root. And if you add a regular user to the docker group, it can then basically gain root access to system. Or if there's a 0-day in the daemon that allows for "scaping" from a container, the exploiter is now root in the host.