by gcoakes 1085 days ago
> - containers are each isolated in a VM (aka virtualized)

Why are you assuming containers are virtualized? Is there some container runtime that does that as an added security measure? I thought they all use namespaces on Linux.

It’s becoming standard as a security measure. See: Kata Containers, Firecracker VM.

Not so; neither Kata Containers nor Firecracker is in widespread public use today. (Source: I work for AWS and consult regularly with container services customers, who both use AWS and run on premises.)

Ah, good to know!