by trasz4 1123 days ago
For my particular case it's about something similar in purpose to sandboxing, but with providing the compartment (i.e. a process subtree) with an alternative kernel to talk to, to minimise the attack surface between that container and the host kernel.