Hacker News
by folex 1615 days ago
I'd say that article compares WebAssembly to Docker/moby/other container runtimes, not k8s.

Even so, the scope is different. I don’t use WebAssembly to define networks. Limiting privilege within the WebAssembly runtime is weaker than limiting it at the OS namespace.
It depends on the specific WASM runtime implementation, but usually you have to be explicit about allowing each syscall.