In my case, I’m not a fan of running unknown code on the host. Docker and LXC are ways of running a process in a virtual security sandbox. If the process escapes the sandbox, they’re in your host.
If they escape inside a VM, that’s another layer they have to penetrate to get to the host.
It’s not perfect by any stretch of the imagination, but it’s better than a hole in the head.