I posted this question on Stack Overflow:
Before I go full bore Kubernetes or Apcera: are default Docker containers PCI compliant? Would VLANs improve the security, or is UDP over 8235 just too open to invalidate VLANs, or should the bare metal and metadata be used to support the VLAN structure?

And I think I understand why G+ and FB only have +1 and like buttons, but that's for another time.

In this case I'll answer my own question. Docker is no less vulnerable and may actually be more vulnerable. Once the host OS has been compromised, all of the guests are vulnerable. With root access on the host and the right amount of experience debugging containers, you might have access to memory through a debugger.