by _0w8t
2737 days ago

The problem with using separate user accounts for isolation is that various applications assume that they either run as root (like various package managers) or need to start child processes with a different user id. Sometimes this can be worked around, but overall the amount of effort is very non-trivial. So people thought that instead of fixing the apps it was easier to fix the kernel. But this resulted in big complexity with namespaces, capabilities, cgroups etc.