Hacker News

Does anyone know the status of user namespace support? I would think this is a blocker for any PaaS to use Docker.



User namespaces recently got merged into libcontainer (which is used as the default backend for sandboxing in Docker). There is 1 technical question left to resolve to enable it by default: how to abstract away the concept of UID mapping, and how it impacts sharing of volumes between containers. There is an ongoing technical discussion; I am optimistic that we will find a solid solution soon but don't want to make any promises we can't keep.


In addition to user namespaces, and the obvious sVirt / SELinux bits Dan W from Red Hat has been contributing, what features / enhancements are necessary for Docker to be considered mostly secure?

For reference, I run all of my apps as different containers with different users on my own server. I then have iptables rules to block any outbound internet connections for containers that shouldn't have them. It was hilarious to see when someone hacked my WordPress install running in a container and managed to write out a Perl daemon using a rexec bug in WP. But when it tried to contact its C&C server, iptables dropped it and OSSEC notified me. In a perfect world, I'd do something similar, but root inside the container would map to != uid 0 on the host. I'm just curious if there is anything else you consider necessary to deem Docker more "secure" than it currently is.
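The UID-mapping question raised above (why root in a container can be a non-zero host UID, and why that complicates sharing a volume between two containers) can be modelled with the kernel's `/proc/<pid>/uid_map` format. The following is an added illustration, not code from Docker or libcontainer; the two mappings and the overflow UID value are constructed assumptions for the example.

```python
# Added example: models Linux user-namespace uid_map translation and shows
# why two containers with disjoint UID ranges disagree about who owns a
# file on a shared volume. Not Docker/libcontainer code.
from typing import List, Optional, Tuple

# Kernel default for an unmapped UID seen from inside a namespace ("nobody").
# Assumed here; the real value comes from /proc/sys/kernel/overflowuid.
OVERFLOW_UID = 65534

UidMap = List[Tuple[int, int, int]]  # (inside, outside, count) per line

def parse_uid_map(text: str) -> UidMap:
    """Parse /proc/<pid>/uid_map lines of the form '<inside> <outside> <count>'."""
    entries: UidMap = []
    for line in text.splitlines():
        if not line.strip():
            continue
        inside, outside, count = (int(field) for field in line.split())
        if count <= 0:
            raise ValueError("uid_map count must be positive")
        entries.append((inside, outside, count))
    return entries

def to_host(uid_map: UidMap, container_uid: int) -> Optional[int]:
    """Container UID -> host UID, or None if the namespace does not map it."""
    for inside, outside, count in uid_map:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None

def to_container(uid_map: UidMap, host_uid: int) -> int:
    """Host UID -> UID seen inside the container (overflow UID if unmapped)."""
    for inside, outside, count in uid_map:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return OVERFLOW_UID

# Constructed mappings: each container's root (0) lands in its own host range,
# so a compromised container root is never host uid 0.
MAP_A = parse_uid_map("0 100000 65536")
MAP_B = parse_uid_map("0 200000 65536")

def shared_volume_view(writer_map: UidMap, reader_map: UidMap, writer_uid: int):
    """A file written as writer_uid in one container: (host owner, uid the other sees)."""
    host_owner = to_host(writer_map, writer_uid)
    if host_owner is None:
        raise ValueError("writer uid is not mapped in its namespace")
    return host_owner, to_container(reader_map, host_owner)
```

Running `shared_volume_view(MAP_A, MAP_B, 0)` shows the volume-sharing problem directly: container A's root writes a file owned by host uid 100000, which container B sees as the overflow UID rather than as any user it can reason about.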




