SYSTEM Cited by 1 source

Docker

Docker is the container platform whose default Linux runtime, runC, composes kernel namespaces, cgroups, privilege dropping, seccomp, and mandatory access control (via SELinux or AppArmor) to produce the isolation properties a container gets. "Docker's runtime configuration manages how such features are used and configured." (Source: sources/2026-04-21-figma-server-side-sandboxing-containers-and-seccomp)

Not automatically a secure sandbox

Figma's framing, from the containers-and-seccomp article:

"By default, containers are not automatically secure sandboxes because the level of isolation provided depends very much on these three factors [runtime implementation, OS primitives and interface available to the runtime, runtime configuration]. A kernel vulnerability, a bug in the runtime implementation, and/or a runtime misconfiguration might allow a malicious workload to modify files and execute code on its host."

The three attack-surface axes for concepts/container-escape are exactly the three factors above.

"Unlike commodity VM solutions, containers place a much greater responsibility on the user to correctly configure the desired level of isolation. More control over security configuration also means more room to make mistakes."

Modern Docker defaults are more secure than they were (restricted capability set, default seccomp profile, user-namespace support), "but the responsibility is on the user — you — to check and make the necessary changes."
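The "check and make the necessary changes" step above is concrete: every knob Docker exposes for the runtime factors listed at the top of this page (privileged mode, the capability set, the seccomp and AppArmor/SELinux profiles, which host namespaces are shared, what is bind-mounted) ends up in the `HostConfig` block of `docker inspect`. The following audit is an added example, not Figma's or Docker's code; it reads constructed `docker inspect`-shaped JSON for a deliberately weak container and a hardened one and reports which defaults have been loosened. The `DANGEROUS_CAPS` and `SENSITIVE_HOST_PATHS` sets are illustrative assumptions, not a complete policy, and the severity labels are the example's own.

```python
"""Audit `docker inspect` output for settings that weaken Docker's default
isolation (privileged mode, added capabilities, disabled seccomp/AppArmor,
shared host namespaces, sensitive bind mounts). Added example; not Figma's
or Docker's code."""
import json

# Capabilities whose addition usually makes host tampering or escape easy.
# Illustrative set (an assumption of this example), not an exhaustive policy.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "SYS_RAWIO",
                  "DAC_READ_SEARCH", "NET_ADMIN"}
# Host paths that hand the container control of the host when bind-mounted.
SENSITIVE_HOST_PATHS = {"/", "/proc", "/sys", "/dev",
                        "/var/run/docker.sock", "/run/docker.sock"}


def _cap(name):
    """Normalise 'cap_sys_admin' / 'CAP_SYS_ADMIN' / 'SYS_ADMIN' to one form."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def audit_host_config(hc):
    """Return [(severity, finding), ...] for one container's HostConfig dict."""
    findings = []
    if hc.get("Privileged"):
        findings.append(("high", "privileged: all capabilities, seccomp and "
                                 "AppArmor off, host devices exposed"))
    for cap in hc.get("CapAdd") or []:
        if _cap(cap) in DANGEROUS_CAPS:
            findings.append(("high", f"added capability {_cap(cap)}"))
    if "ALL" not in {_cap(c) for c in hc.get("CapDrop") or []}:
        findings.append(("low", "default capability set retained (no --cap-drop ALL)"))
    sec_opts = hc.get("SecurityOpt") or []
    for opt in sec_opts:
        if opt == "seccomp=unconfined":
            findings.append(("high", "default seccomp profile disabled"))
        elif opt == "apparmor=unconfined":
            findings.append(("high", "AppArmor confinement disabled"))
        elif opt in ("label=disable", "label:disable"):
            findings.append(("high", "SELinux labelling disabled"))
    if not any(o.startswith("no-new-privileges") and not o.endswith("false")
               for o in sec_opts):
        findings.append(("low", "no-new-privileges not set: setuid/fscaps "
                                "binaries can regain privileges"))
    if hc.get("PidMode") == "host":
        findings.append(("high", "shares host PID namespace"))
    if hc.get("NetworkMode") == "host":
        findings.append(("medium", "shares host network namespace"))
    if hc.get("IpcMode") == "host":
        findings.append(("medium", "shares host IPC namespace"))
    if hc.get("UsernsMode") == "host":
        findings.append(("medium", "opts out of user-namespace remapping: "
                                   "container root is host root"))
    if not hc.get("ReadonlyRootfs"):
        findings.append(("low", "root filesystem is writable"))
    for bind in hc.get("Binds") or []:
        host_path = bind.split(":", 1)[0]   # Binds entries are host:container[:opts]
        if host_path in SENSITIVE_HOST_PATHS:
            findings.append(("high", f"bind-mounts sensitive host path {host_path}"))
    return findings


def audit_inspect_output(text):
    """Parse `docker inspect` JSON (a list of container objects) and audit
    each one, keyed by container Id."""
    return {c["Id"]: audit_host_config(c.get("HostConfig") or {})
            for c in json.loads(text)}


def max_severity(findings):
    """Worst severity present, or 'none' for a clean container."""
    rank = {"low": 1, "medium": 2, "high": 3}
    return max((s for s, _ in findings), key=rank.get, default="none")


# Constructed samples shaped like `docker inspect <container>` output, trimmed
# to the HostConfig keys read above. Not real containers.
WEAK_INSPECT = json.dumps([{"Id": "constructed-weak", "HostConfig": {
    "Privileged": True, "CapAdd": ["SYS_ADMIN"], "CapDrop": [],
    "SecurityOpt": ["seccomp=unconfined", "apparmor=unconfined"],
    "PidMode": "host", "NetworkMode": "host", "IpcMode": "",
    "UsernsMode": "", "ReadonlyRootfs": False,
    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}])

HARDENED_INSPECT = json.dumps([{"Id": "constructed-hardened", "HostConfig": {
    "Privileged": False, "CapAdd": [], "CapDrop": ["ALL"],
    "SecurityOpt": ["no-new-privileges"],
    "PidMode": "", "NetworkMode": "bridge", "IpcMode": "private",
    "UsernsMode": "", "ReadonlyRootfs": True, "Binds": []}}])

if __name__ == "__main__":
    for sample in (WEAK_INSPECT, HARDENED_INSPECT):
        for cid, findings in audit_inspect_output(sample).items():
            print(f"{cid}: worst={max_severity(findings)}")
            for sev, msg in findings:
                print(f"  [{sev}] {msg}")
```

Against a live host the same function takes the output of `docker inspect $(docker ps -q)` unchanged. An empty `UsernsMode` is deliberately not flagged: it means "use the daemon's setting", so whether user-namespace remapping is actually on has to be checked in the daemon configuration, not per container.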

Rejected for Figma RenderServer

When Figma considered sandboxing RenderServer, Docker was considered first and rejected as too heavy for the use case:

"When we first thought about how to sandbox RenderServer, we briefly considered Docker, but soon realized that it would add significant upfront development work and complexity. For example, we would need to create a new service that sandboxes the RenderServer binary inside a secure Docker configuration, create an orchestration system to manage the service, and re-architect various services to make a network call to the RenderServer service instead of invoking the binary directly."

Figma picked nsjail as a drop-in alternative — same kernel primitives, no image / daemon / orchestration tax.

Positioning in the sandboxing landscape

  • vs systems/nsjail: nsjail is a per-invocation command-line launcher over the same kernel primitives; Docker is a full container-image platform.
  • vs systems/gvisor: gVisor can be a drop-in OCI runtime under Docker (runsc replaces runC); reduces kernel attack surface by interposing a user-space reimplemented kernel.
  • vs VM-based isolation (systems/firecracker): containers share the host kernel, so a kernel-level escape (Dirty COW, Dirty Pipe, etc.) lands on the host; micro-VMs put a hypervisor boundary in between.
