> how can you be sure that this "gnarly and imperfect" mess of a system is secure?
You can't.
But it's not like escaping a container is going to happen because of a simple bug. You need an exploitable vulnerability in the containerized app that creates a path to escaping the container.
But yeah, if you want to isolate an app for security reasons, then you need a VM.
Right, but if Docker allows us to package much more complicated applications (as opposed to being forced to simplify) that gives the bugs more room to hide and increases the risk of unforeseen interactions resulting in security bugs in the application.
So what I'm trying to say is that making complicated applications easier to deploy doesn't seem like a win unless you also mitigate the increased security risk that comes with more complicated applications.