But...
Containers mean everything is separated, right? Nothing can escape is what we were told.
Here's another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers. That news comes from Paranoid Software's Gabriel Lawrence, who describes the escape here. Dirty COW is a race condition in Linux arising from how Copy-On-Write (the COW in the …
When all the hype about Docker started, I had a look at it and timely security updates was something that put me off the whole thing. That and the layer upon layer of the filesystem structure with seemingly no easy way to merge redundant layers was frankly a little psychotic (it may be better now, I haven't checked).