Y
Hacker News
new
|
ask
|
show
|
jobs
by
bjoli
135 days ago
IIRC they went for policy based sandboxing with Seatnelt and SIRP. That is pretty darn nice for gui apps, but not very good for things like containers.