by jacques_chester 2732 days ago
> The attack surface of a container can be massively reduced with seccomp profiles

Yes, though as capabilities are added to the kernel, the profiles have to be updated.

That said, VM or no VM, this should be done no matter what.

> And let's not forget the recent CPU exploits which found that VMs aren't very separated after all.

This is a nil-all draw in terms of the respective security postures, though.