[lmeyerov]

Good intro. I'd be curious how they do the syscall tracing, eg, strace logs as part of CI?

Funny enough, we've gone the reverse path for LLM AI-generated code sandboxing for louie.ai / Graphistry . We started with container isolation with careful network, volume, compute etc enablement first, and only now adding nsjail to the runners within the container as an extra defense layer.

The negative space is interesting too. We initially explored alternatives like wasm (too slow and underpowered for our generated python GPU analytics workloads) and firecracker vm (too unwieldy and unportable for our small team). As we do more k8s and enable more interactive data viz customization + web-scale static serving, would love to revisit both.

On which note, we have a bit of budget for someone to help harden the nsjail layer, if of interest!

[hhh]

I have yet to find a firecracker-style thing for k8s that is simple to deploy. Firekube seemed interesting, but is archived...

Liquid Metal from Weaveworks seems interesting but I don't even know where I would start.

[flurie]

Virtink[1] has been reasonably stable as long as you're okay with Cloud Hypervisor instead.

[1] https://github.com/smartxworks/virtink

[remram]

Kata just released a new version, it is the only thing that I've found easy to setup with k8s... though my experience running Docker-in-Kata hasn't been very good.

[lmeyerov]

We were looking at Kata as well, especially as an 'easier' firecracker, though I forgot why we didn't go further, and I've been curious why they seem to get little attention in practice

I believe part is portability, as they may require nested virtualization features to be available, and maybe QEMU overhead. Maybe also something about use in China vs elsewhere?

They (and QEMU) have been around a long time...