Y
Hacker News
new
|
ask
|
show
|
jobs
by
viraptor
871 days ago
Docker runs container as the user you tell it to. Same with nspawn. There's not much difference there in that respect.
Nspawn does seccomp-based filtering, similar to the usual systemd services.