by neoCrimeLabs
166 days ago
It depends on your threat model, but generally speaking I would not trust default container runtimes for a true sandbox. The kata-containers [1] runtime takes a container and runs it as a virtual host. It works with Docker, podman, k8s, etc. It's a way to get the convenience of a container, but the benefits of a virtual host. This is not do-all-end-all (there are more options), but this is a convenient one that is better than typical containers.

[1] - https://katacontainers.io/