Docker containers use cgroups and namespaces, etc. (the usual kernel-level isolation).
Docker sandboxes use microVMs (i.e. hardware-level isolation).
Bubblewrap uses the same technology as containers.
I am unsure about Seatbelt.
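
Added example, not part of the original comment: a check of which Linux namespaces a process has unshared from the host, by comparing the identifiers behind `/proc/<pid>/ns/*`. The three listings are constructed sample data, and the Docker and bubblewrap namespace sets are assumptions (Docker without user-namespace remapping; unprivileged `bwrap --unshare-pid --unshare-net`).

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def parse_ns_links(listing):
    """Parse lines such as 'net -> net:[4026531840]' into {type: inode}."""
    result = {}
    for line in listing.strip().splitlines():
        name, _, target = line.partition("->")
        name, target = name.strip(), target.strip()
        if name in NS_TYPES and target.startswith(name + ":[") and target.endswith("]"):
            result[name] = int(target[len(name) + 2:-1])
    return result

def read_ns_links(pid):
    """Live variant: read the /proc/<pid>/ns symlinks (Linux, needs permission)."""
    lines = []
    for name in NS_TYPES:
        try:
            lines.append(f"{name} -> " + os.readlink(f"/proc/{pid}/ns/{name}"))
        except OSError:
            continue  # namespace type unsupported or process not readable
    return parse_ns_links("\n".join(lines))

def unshared(host, proc):
    """Namespace types in which proc differs from the host reference process."""
    return sorted(n for n in host if n in proc and host[n] != proc[n])

def listing(inodes):
    """Build a constructed listing in the format the parser expects."""
    return "\n".join(f"{n} -> {n}:[{i}]" for n, i in zip(NS_TYPES, inodes))

# Constructed sample data; order follows NS_TYPES.
HOST      = listing([4026531835, 4026531839, 4026531841, 4026531840,
                     4026531836, 4026531837, 4026531838])
CONTAINER = listing([4026532601, 4026532599, 4026532597, 4026532602,
                     4026532600, 4026531837, 4026532598])  # same user ns
BWRAP     = listing([4026531835, 4026531839, 4026532710, 4026532712,
                     4026532711, 4026532709, 4026531838])

if __name__ == "__main__":
    host = parse_ns_links(HOST)
    for label, sample in (("container", CONTAINER), ("bwrap", BWRAP)):
        print(label, "unshares:", unshared(host, parse_ns_links(sample)))
    # A microVM guest runs its own kernel, so its namespace identifiers
    # are not comparable with the host's at all.
```

On a live Linux host, `unshared(read_ns_links(1), read_ns_links(pid))` gives the same comparison for a real process.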