Y
Hacker News
new
|
ask
|
show
|
jobs
by
throwaway984393
1572 days ago
I consider cgroups an administrative layer, not a security layer. They're for keeping apps from accidentally blowing up the host, not to prevent them hacking it. If you want security with containers, use Firecracker.