This story continues at The Next Web
Our digitised version of the FT newspaper, for easy reading on any device.
。Line官方版本下载对此有专业解读
В России ответили на имитирующие высадку на Украине учения НАТО18:04
The critical thing to understand is namespaces are visibility walls, not security boundaries. They prevent a process from seeing things outside its namespace. They do not prevent a process from exploiting the kernel that implements the namespace. The process still makes syscalls to the same host kernel. If there is a bug in the kernel’s handling of any syscall, the namespace boundary does not help.