Add a vault of malicious test cases to break out of the container, verify that the container stops each of them in the expected way.

Example 'bad' things to test:

• container configurations and mis-configurations
• in-container scripts & binaries reading files, opening sockets, or accessing memory they shouldn't
• in-container access/manipulation of enclosing docker instance
• in-container failure modes resulting in privilege escalation: compiler crashes, buffer overflow, out-of-memory, out of sockets
• docker failure modes compromising isolation: daemon corruption or crash, OOM, out of sockets, process or IO starvation