alt Hacker NewsDocker sandboxes uses a MicroVM as an additional isolation layer - its not just containers (as also mentioned in the nanoclaw post)
Docker sandboxes uses a MicroVM as an additional isolation layer - its not just containers (as also mentioned in the nanoclaw post)
This still does not help with, you can call foo, but not bar. We have plenty of existing tooling for that too.