by icebraining 2739 days ago
I have to admit that I'm quite confused about this comment. Are you saying simply running a command under its own uid is enough to provide the same isolation that containers do, and that the latter were only created because people are not running Linux natively?
2 comments

I think he is saying there are a lot of 80% solutions like user-based isolation that could have been made more secure, but instead people invented a new solution that has its own problems, and that the fractured landscape of solutions we see now is due to the freedom of open source.

Run application:

- under its own userid

- in its own namespace for mount, network, process-id, user-id, ipc, uts and control groups

and presto, you are running in a container.
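
The checklist in the comment above can be verified from `/proc`. This is an added example, not part of the thread: it lists which of the named items (uid plus the seven namespace kinds) a process still shares with the host. The function names `snapshot` and `not_isolated` and the sample namespace ids are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a process against the host on the points the comment lists.
NS_KINDS="mnt net pid user ipc uts cgroup"   # entry names under /proc/<pid>/ns

# snapshot PID: print "uid <real uid>" plus one "<kind> <namespace id>" line per kind.
# Entries that cannot be read (no permission, older kernel) get an empty id.
snapshot() {
    printf 'uid %s\n' "$(awk '/^Uid:/ { print $2 }' "/proc/$1/status" 2>/dev/null)"
    for kind in $NS_KINDS; do
        printf '%s %s\n' "$kind" "$(readlink "/proc/$1/ns/$kind" 2>/dev/null)"
    done
}

# not_isolated HOST_SNAPSHOT APP_SNAPSHOT: print the items the application still
# shares with the host. A missing or unreadable value counts as shared (fail closed).
not_isolated() {
    out=""
    for item in uid $NS_KINDS; do
        h=$(printf '%s\n' "$1" | awk -v k="$item" '$1 == k { print $2 }')
        a=$(printf '%s\n' "$2" | awk -v k="$item" '$1 == k { print $2 }')
        if [ -z "$h" ] || [ -z "$a" ] || [ "$h" = "$a" ]; then
            out="${out:+$out }$item"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample snapshots: the application has its own uid and its own
# mnt, pid, ipc and uts namespaces, but still sits in the host's net, user and cgroup.
HOST_SAMPLE='uid 0
mnt mnt:[4026531841]
net net:[4026531840]
pid pid:[4026531836]
user user:[4026531837]
ipc ipc:[4026531839]
uts uts:[4026531838]
cgroup cgroup:[4026531835]'
APP_SAMPLE='uid 1001
mnt mnt:[4026532301]
net net:[4026531840]
pid pid:[4026532303]
user user:[4026531837]
ipc ipc:[4026532302]
uts uts:[4026532300]
cgroup cgroup:[4026531835]'

# Live use: sh nscheck.sh HOST_PID APP_PID (reading /proc/1/ns usually needs root).
if [ "$#" -eq 2 ]; then
    not_isolated "$(snapshot "$1")" "$(snapshot "$2")"
fi
```

An empty result means the process differs from the host on every item in the list; for the constructed samples the result is `net user cgroup`.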