Skip to content

blog: What Your Container Can See#26

Draft
PeronGH wants to merge 1 commit intomasterfrom
blog-post-railleak
Draft

blog: What Your Container Can See#26
PeronGH wants to merge 1 commit intomasterfrom
blog-post-railleak

Conversation

@PeronGH
Copy link
Copy Markdown
Contributor

@PeronGH PeronGH commented Apr 13, 2026

Summary

  • New blog post on Railway container information leaks and shared-kernel isolation limits
  • Covers co-tenant storage visibility, hardware identifier exposure, live deploy log leaks, and seccomp/AppArmor gaps
  • Explains why ArcBox chose Firecracker microVMs instead

Copilot AI review requested due to automatic review settings April 13, 2026 04:40
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages bot commented Apr 13, 2026

Deploying arcbox-landing with  Cloudflare Pages  Cloudflare Pages

Latest commit: eabb91e
Status:🚫  Build failed.

View logs

Copilot AI reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new security-focused blog post detailing what information a containerized workload can observe on a shared-kernel PaaS (using Railway as the case study) and explains ArcBox’s choice of Firecracker microVM isolation.

Changes:

  • Introduces a new post describing observed cross-tenant visibility surfaces (storage inventory, ZFS debug logs, hardware identifiers).
  • Summarizes mitigations (seccomp/AppArmor) and highlights profile differences across host classes.
  • Compares shared-kernel containers vs Firecracker microVM isolation and the resulting leak surface.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread content/blog/what-your-container-can-see.md
author:
- peron
published: true
featured: false
Copy link

Copilot AI Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The blog listing layout assumes the most recent post has a cover image (it renders featured.data.cover! in src/app/(landing)/blog/(list)/layout.tsx). Since this post will sort newest by date, missing cover will likely cause the featured card image to break at runtime. Add a cover: "/blog/cover/..." frontmatter field (and ensure the referenced asset exists).

Suggested change
featured: false
featured: false
cover: "/blog/cover/what-your-container-can-see.jpg"

Copilot uses AI. Check for mistakes.
Comment thread content/blog/what-your-container-can-see.md

Last month we reverse engineered Claude Code web and found Anthropic runs it on Firecracker microVMs. In the replies, we assumed Railway does the same. Railway's CEO corrected us.

![](/blog/railway-ceo-reply.jpg)
Copy link

Copilot AI Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inline image uses empty alt text (![](...)), which reduces accessibility for screen readers and makes the image meaning opaque if it fails to load. Provide a descriptive alt text consistent with other posts (e.g., ![Railway CEO reply confirming isolation approach](/blog/railway-ceo-reply.jpg)).

Suggested change
![](/blog/railway-ceo-reply.jpg)
![Railway CEO reply correcting the isolation assumption](/blog/railway-ceo-reply.jpg)

Copilot uses AI. Check for mistakes.
Comment thread content/blog/what-your-container-can-see.md

## Hardware identifiers are exposed

DMI fields in `/sys/devices/virtual/dmi/id/` expose the EC2 instance ID (`i-00324773470d2b0d8`) and VM UUIDs. NVMe sysfs exposes EBS volume serials (`vol-0b0ac4208526f2fef`). `/proc/cpuinfo` gives CPU model and microcode revision. On bare metal: QEMU VM UUID `400bee01-cb61-49d4-9c5f-2298c7f14d26`, SeaBIOS 1.16.2, AMD EPYC 9655P at microcode `0xb00215a`.
Copy link

Copilot AI Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This post includes specific infrastructure identifiers (e.g., EC2 instance ID, EBS volume IDs/serials, VM UUIDs). Even if observed from inside a container, publishing real identifiers can be considered sensitive and may create unwanted operational/security exposure. Consider redacting/anonymizing these values (e.g., i-…, vol-…, UUID elision) while keeping the technical point intact.

Suggested change
DMI fields in `/sys/devices/virtual/dmi/id/` expose the EC2 instance ID (`i-00324773470d2b0d8`) and VM UUIDs. NVMe sysfs exposes EBS volume serials (`vol-0b0ac4208526f2fef`). `/proc/cpuinfo` gives CPU model and microcode revision. On bare metal: QEMU VM UUID `400bee01-cb61-49d4-9c5f-2298c7f14d26`, SeaBIOS 1.16.2, AMD EPYC 9655P at microcode `0xb00215a`.
DMI fields in `/sys/devices/virtual/dmi/id/` expose the EC2 instance ID (`i-`) and VM UUIDs. NVMe sysfs exposes EBS volume serials (`vol-`). `/proc/cpuinfo` gives CPU model and microcode revision. On bare metal: QEMU VM UUID `400bee01--2298c7f14d26`, SeaBIOS 1.16.2, AMD EPYC 9655P at microcode `0xb00215a`.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PeronGH