Either docker or a kernel level exploit. With non-VM containers, you are sharing a kernel.