by freeney 972 days ago
Running arbitrary user code inside a jail that doesn’t isolate networking might not be enough isolation. Also, kernel mount namespace binds into the jailed env increase the attack surface. Great for some use cases, but multi-tenant workloads might need a tighter setup? I'm definitely going to give Windmill a try. It looks really cool!