I Hacked Play-With-Docker and Remotely Ran Code on the Host
cyberark.comWhat an awesome hacking session. Very nice angle on writing their own kernel module. Thanks for posting this!
TL/DR: Docker runs "Play with docker" service, and they did not block insmod there, nor did they block access to the boot disk. Wow! To quote the author:
> The reason is quite simple: PWD uses a privileged container
This is such an obvious failure that I wonder how it could even get into production.
They probably wanted to support docker in docker.