Which security control is most effective at preventing container breakout attacks where a compromised container attempts to access the host OS?
-
A
Encrypting container volumes at rest
-
B
Running containers as non-root with read-only filesystems and seccomp profiles
-
C
Using multi-stage Docker builds to reduce image size
-
D
Enabling container image signing with Notary