by Polyisoprene
2849 days ago
Containers have more than just filesystem namespacing. You also get a network namespace, process namespace, user namespace and the ability to set CPU/memory limits. Since you would have a container for each application, you have an easier time setting and testing restrictive AppArmor/SELinux capabilities and even get some hardening out of the box. Sure, you could get them without containers, but the whole benefit is doing it in a standard, easy way.