by superboum
2359 days ago
DNS, network and NTP services are run in separate processes. These processes are sandboxed in a more effective manner than chroot (namespaces, capabilities, etc.).
Moreover, systemd itself relies heavily on Linux sandboxing tools (like cgroups).