by lolinder 599 days ago
I think you're missing my point: you are saying that it is one of the benefits, but they don't because it isn't one. Containers are not a security solution for running untrusted code. You saying they are does not make it so.

> And if the kernel is shared with the host, that's a read-only share.

No, it's not, the kernel is reading and writing files constantly for the container. A bug in the kernel could be exploited to break the sandbox, which isn't possible in a true VM.

There is no such thing as perfect security. Partial security is much better than none at all. Containers go a long way in this regard. All code is untrusted.

> Partial security is much better than none at all.

Only if you don't let down your guard because it's "secure". Again, there's a reason why they don't claim it's secure and everyone says to not treat containers as a sandbox.

The only people here who are letting their guard down are ones who're not even using a container/jail/VM for each project. JetBrains encourages this by not providing the container integration features for free.

We're going in circles and I'm done engaging with you.