A container escape is when an attacker breaks out of a container and reaches the host (or the Kubernetes node) it runs on, because the isolation boundary was weak or misconfigured. Once on the host, they control every container on that machine and can pivot further. Common causes are privileged containers, a mounted Docker socket, shared host namespaces, a host-path mount, or a dangerous capability like CAP_SYS_ADMIN. Preventing it means removing those over-permissions and keeping the kernel patched.
What a container escape is
A container is meant to be a sealed box: the process inside should only see and touch its own files, processes, and network. A container escape is any technique that breaks that seal and gives the attacker access to the underlying host.
Because every container on a host shares the host's kernel, escaping to the host is game over for that machine: the attacker can read other containers, steal their secrets, and use the host as a launch point into the rest of the environment.
How escapes happen
Escapes almost always come from a misconfiguration that hands the container too much access, not an exotic kernel bug. The usual routes:
- A privileged container that can mount the host disk.
- A mounted Docker socket, which gives full control of the daemon.
- Host namespace sharing (--pid=host, --net=host).
- A host-path mount exposing the host filesystem.
- A dangerous capability such as CAP_SYS_ADMIN, which can be abused through cgroups.
- An unpatched kernel vulnerability (the rarer case).
Why it matters in Kubernetes
In Kubernetes, escaping a pod onto its node is rarely the end. From the node the attacker can read every pod scheduled there, steal their service account tokens, and use those to talk to the API server and move across the whole cluster, then into the cloud account the cluster runs in.
That is why a single weak pod is a cluster-wide risk.
How to prevent escapes
- Never run privileged containers or mount the Docker socket into workloads.
- Drop all capabilities and add back only what is needed; avoid CAP_SYS_ADMIN.
- Do not share host namespaces or mount sensitive host paths.
- Run as non-root with a read-only root filesystem, and with seccomp and AppArmor enabled.
- Enforce Pod Security Standards and admission control in Kubernetes.
- Patch the host kernel and test the cluster for real escape paths.
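The settings in the list above can be checked mechanically before a workload is admitted. The following is an added example, not code from the original page: audit_pod and both sample manifests are hypothetical and constructed for illustration, and the manifest is assumed to be already parsed into a dict (for example from kubectl get pod -o json).

```python
# Added example: flag the escape-enabling settings from this page in a pod manifest.
# The manifests below are constructed samples, not taken from a real cluster.

def audit_pod(pod):
    """Return a sorted list of findings for one pod manifest given as a dict."""
    spec, out = pod.get("spec", {}), set()
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            out.add(f"pod: shares host namespace ({flag})")
    for vol in spec.get("volumes", []):
        path = (vol.get("hostPath") or {}).get("path")
        if path is not None:
            what = "Docker socket" if path.endswith("docker.sock") else "hostPath"
            out.add(f"pod: {what} mounted ({path})")
    pod_sc = spec.get("securityContext") or {}  # pod-level defaults
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc, name = c.get("securityContext") or {}, c.get("name", "?")
        caps = sc.get("capabilities") or {}
        added = {a.upper() for a in caps.get("add", [])}
        dropped = {d.upper() for d in caps.get("drop", [])}
        if sc.get("privileged"):
            out.add(f"{name}: privileged")
        if added & {"SYS_ADMIN", "CAP_SYS_ADMIN", "ALL"}:
            out.add(f"{name}: dangerous capability added")
        if "ALL" not in dropped:
            out.add(f"{name}: capabilities not dropped")
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")):
            out.add(f"{name}: may run as root")
        if not sc.get("readOnlyRootFilesystem"):
            out.add(f"{name}: writable root filesystem")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            out.add(f"{name}: seccomp not enforced")
    return sorted(out)

WEAK_POD = {"spec": {
    "hostPID": True,
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{"name": "app", "securityContext": {
        "privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}}}]}}

HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "app", "securityContext": {
        "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or "no findings")
```

The hardened manifest sets runAsNonRoot and seccomp at pod level, which the check accepts as the default for every container; AppArmor is not inspected here.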