Graber, Stéphane (1 January 2014). “LXC 1.0: Security features [6/10]”. 12 February 2014閲覧。 “However, at least in Ubuntu, our default containers ship with what we think is a pretty good configuration of both the cgroup access and an extensive apparmor profile which prevents all attacks that we are aware of. [...] LXC is no longer running as root so even if an attacker manages to escape the container, he’d find himself having the privileges of a regular user on the host”
