I want to create web services that will be distributed as docker containers on my platform.
Running Docker on a physical machine is faster in comparison to running it in a VPS, as there is no overhead from a virtual OS layer. However, a VPS is more maintainable when the software in the environment crashes the system.
I am wondering what will happen if the environment in a Docker container gets hacked, or corrupts the OS because of either bugs/exceptions or external attacks. Can it influence the host system, and cause the entire machine to become either corrupted or crash?
Would you recommend running Docker physically or within a virtual machine?
The Docker guest shares the kernel with the host. As a result any kernel exploits/corruption would affect the host.
Docker security seems complicated though. I'd recommend reading this http://docs.docker.com/articles/security/ and being very careful about the users you use in your containers.
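As an added example (not part of the original answer or of the Docker documentation it links to), here is a minimal Dockerfile that follows the "be careful about the users in your containers" advice: the service runs as a fixed, unprivileged UID instead of the default root. The image base, the user name `app`, the UID/GID 10001, the `/app` path and the placeholder `http.server` command are all assumptions chosen for illustration.

```dockerfile
# Added example, not from the original post. Base image, user name, IDs,
# paths and the placeholder service command are assumptions.
FROM python:3.12-slim

# Without a USER line the process runs as UID 0. Because the container
# shares the host kernel, a kernel bug reached from that process is reached
# as root on the host unless user namespaces are enabled, so give the
# service a dedicated, non-login system user with a fixed UID/GID.
RUN groupadd --system --gid 10001 app \
 && useradd --system --uid 10001 --gid app \
      --home /app --shell /usr/sbin/nologin app

WORKDIR /app
COPY --chown=app:app . /app

# The service only needs to read its own files; nothing in the image should
# be writable at runtime except explicitly mounted volumes or tmpfs.
RUN chmod -R a-w /app

# Everything from here on, including the CMD, runs as the unprivileged user.
USER app:app
EXPOSE 8080
# Placeholder service (assumption); replace with the real entrypoint.
CMD ["python", "-m", "http.server", "8080"]
```

The Dockerfile only controls the user; the rest of the attack surface is set at `docker run` time. A run line that matches the image above drops all capabilities, forbids privilege escalation via setuid binaries, mounts the root filesystem read-only with a tmpfs for scratch space, and caps the process count: `docker run --rm --read-only --tmpfs /tmp --cap-drop=ALL --security-opt no-new-privileges --pids-limit 100 -p 8080:8080 app`. Two quick checks confirm the points made in the answer: `docker run --rm app id` should print `uid=10001(app)`, and `docker run --rm app uname -r` prints the host's kernel version, because there is no separate guest kernel. If you need the container's root to map to an unprivileged host UID as well, enable user-namespace remapping on the daemon (`"userns-remap"` in `daemon.json`); that is the closest Docker alone gets to the isolation a VM gives you.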