Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Docker containers use cgroups and namespaces etc (the usual kernel level isolation)

Docker sandboxes use microvms (i.e. hardware level isolation)

Bubblewrap uses the same technology as containers

I am unsure about seatbelt.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: