by thefr0g
1712 days ago
> x11docker is just a (very convenient) security layer for containers which need to expose graphics (and possibly webcam, audio, networking, clipboard, printers...). Kata Containers are just "micro VMs" where you spin up a separate kernel to drop the container into.

Yeah, that's what I meant, you can just use kvm and your gui/audio/etc. stuff directly instead of having all the unnecessary complexity and dependency those layers bring along.

> Bubblewrap is okay if you trust your kernel

That's why I proposed it for when you don't need virtualisation. You can ofc also use it in a VM to further restrict processes.

Kata or crosvm are kind of the only games in town as far as "micro VMs" go.