Linux namespaces are quite flexible and aren't used just for Docker-style containerization. In some use cases having a shared user namespace makes sense.
Docker just doesn't use the provided interface by default.
Which is a shame because a lot of users don't bother or don't know they should bother to configure it.
I think that's kind of a 'we don't care about security' move by Docker, and given its userbase that's a real problem.
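Added example, not part of the thread and not Docker's own code: a check for the situation the comment above describes, where a container shares the host's user namespace so that container root is host uid 0. It parses the `/proc/<pid>/uid_map` format and looks for the `userns-remap` key in the daemon's `daemon.json`; the sample inputs and the function names are constructed for illustration.

```python
import json

# Constructed samples in /proc/<pid>/uid_map format:
# <first uid inside ns> <first uid outside ns> <range length>
DEFAULT_MAP = "         0          0 4294967295\n"   # shared (initial) user namespace
REMAPPED_MAP = "         0     100000      65536\n"  # remapped to a subordinate uid range


def parse_uid_map(text):
    """Return (inside_start, outside_start, length) tuples, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and all(f.isdigit() for f in fields):
            entries.append(tuple(int(f) for f in fields))
    return entries


def host_uid(uid_map_text, uid=0):
    """Translate a uid inside the namespace to the host uid, or None if unmapped."""
    for inside, outside, length in parse_uid_map(uid_map_text):
        if inside <= uid < inside + length:
            return outside + (uid - inside)
    return None


def daemon_remaps(daemon_json_text):
    """True when the daemon config sets a non-empty userns-remap value."""
    try:
        cfg = json.loads(daemon_json_text or "{}")
    except json.JSONDecodeError:
        return False
    return isinstance(cfg, dict) and bool(cfg.get("userns-remap"))


def audit(uid_map_text, daemon_json_text):
    """Summarise whether container root is host root and whether remapping is configured."""
    mapped = host_uid(uid_map_text, 0)
    return {
        "container_root_maps_to": mapped,
        "container_root_is_host_root": mapped == 0,
        "userns_remap_configured": daemon_remaps(daemon_json_text),
    }


if __name__ == "__main__":
    print(audit(DEFAULT_MAP, "{}"))
    print(audit(REMAPPED_MAP, '{"userns-remap": "default"}'))
```

To audit a live container, pass the contents of `/proc/<pid>/uid_map` for a process in that container in place of the constructed samples.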
Hmm, I come from a Solaris/BSD background, where jailing (or containerizing) an application was all about security, second manageability, and third re-usability. Kind of crazy that Docker ignored the most important thing in the container concept (which can be: run untrusted code on your trusted platform).
Docker really is a power tool for developers, especially for freelancers needing to hop customer environments on their own notebook, and excels at that. The problem is the leap of pushing these guerrilla tactics into running containers in prod. It's a result of the "move fast and break shit", web-scale, startup, and other agile narratives of the 2010s. And the industry has sure catered for this consumerisation of IT, with outlandish complexity in k8s, depressing oligopolization, and younger developers demanding such technologies to pad their resumes.