One factor might be that the argument assumes you're actually using/thinking about kernel security features, like SELinux.
That is, if not many people love SELinux and friends (https://utcc.utoronto.ca/~cks/space/blog/linux/SELinuxUsability), then popular pressure to fix the kernel bypasses would naturally be low.
It seems to me containers have so much potential, and are so affected by weak kernels, that they could become a major motivation for change. (Technically they may use SELinux, but most of the time we think of them in terms of namespaces).
Because not enough people care about the kernel security features?
That is, if not many people love SELinux and friends (https://utcc.utoronto.ca/~cks/space/blog/linux/SELinuxUsability), then popular pressure to fix the kernel bypasses would naturally be low.
It seems to me containers have so much potential, and are so affected by weak kernels, that they could become a major motivation for change. (Technically they may use SELinux, but most of the time we think of them in terms of namespaces).
-- Alan Jenkins