I really wish we would've gotten something more like jails or zones. Or better yet, put the containers in a jail or zone. Is there a comprehensive sandbox for Linux like the BSDs have?
Unprivileged LXCs get pretty close. Less unified design-wise, but in some aspects better - a kernel escape doesn't land you on UID 0.
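The mechanism behind that comment is the user namespace: an unprivileged container's root is a different UID on the host. The added example below (not code from the thread or from the LXC project) parses the format the kernel uses in `/proc/<pid>/uid_map`, one line per range of the form `<id inside ns> <id outside ns> <length>`, and answers the practical question "which host UID is this container's root?". The sample maps are constructed: `0 100000 65536` is a typical unprivileged LXC mapping, and `0 0 4294967295` is the identity map a privileged container (or the host itself) has. The `read_live_uid_map` helper reads a real `/proc` entry if you want to run the check on a live system.

```python
"""Translate UIDs across a user namespace boundary using the uid_map format.

Added illustration (not from the thread). /proc/<pid>/uid_map lines read
"<id inside ns> <id outside ns> <length>"; the same format is used for gid_map.
"""
from typing import List, Optional, Tuple

# UID the kernel shows inside a namespace for host IDs that have no mapping
# (the default overflowuid, usually "nobody").
OVERFLOW_UID = 65534

Range = Tuple[int, int, int]  # (inside_start, outside_start, length)


def parse_uid_map(text: str) -> List[Range]:
    """Parse uid_map/gid_map contents into (inside, outside, length) ranges."""
    ranges: List[Range] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0 or inside < 0 or outside < 0:
            raise ValueError(f"invalid range in uid_map line: {line!r}")
        ranges.append((inside, outside, length))
    return ranges


def to_host_uid(container_uid: int, ranges: List[Range]) -> Optional[int]:
    """Host UID for a UID seen inside the namespace.

    Returns None when the UID is not mapped at all: no process inside the
    namespace can actually hold such a UID (setuid to it fails with EINVAL).
    """
    for inside, outside, length in ranges:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def host_to_container_uid(host_uid: int, ranges: List[Range]) -> int:
    """UID the namespace sees for a host UID; unmapped host IDs show as OVERFLOW_UID."""
    for inside, outside, length in ranges:
        if outside <= host_uid < outside + length:
            return inside + (host_uid - outside)
    return OVERFLOW_UID


def container_root_is_host_root(uid_map_text: str) -> bool:
    """True when the namespace's UID 0 is the host's UID 0 (a privileged container)."""
    return to_host_uid(0, parse_uid_map(uid_map_text)) == 0


def read_live_uid_map(pid: str = "self") -> str:
    """Read the real map for a process; 'self' is the calling process."""
    with open(f"/proc/{pid}/uid_map", encoding="ascii") as fh:
        return fh.read()


# Constructed sample maps (whitespace matches what the kernel emits).
UNPRIVILEGED_MAP = "         0     100000      65536\n"
PRIVILEGED_MAP = "         0          0 4294967295\n"


if __name__ == "__main__":
    for name, text in (("unprivileged", UNPRIVILEGED_MAP), ("privileged", PRIVILEGED_MAP)):
        rng = parse_uid_map(text)
        print(f"{name}: container root is host UID {to_host_uid(0, rng)}, "
              f"container root == host root: {container_root_is_host_root(text)}")
```

Run `container_root_is_host_root(read_live_uid_map(pid))` against a container's init PID to see which kind of container you are looking at. Note that a host file owned by UID 0 shows up inside the unprivileged container as `OVERFLOW_UID` (nobody), which is why bind mounts of host directories into unprivileged containers need `lxc.idmap`/shiftfs-style ownership adjustments.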
Worth noting that cgroups (the kernel feature underlying containers) are "something more like jails or zones". Actually, they are "something exactly like jails or zones".