by graemep 44 days ago
They may not provide isolation as VMs but they clearly do limit some attacks. VMs do not provide the same isolation as using physically separate hardware either.

I would have thought they provide better isolation than using multiple users, which is the traditional security boundary.

It might depend on what you mean by a container? Are sandboxes such as Bubblewrap and Firejail containers?

1 comments

> It might depend on what you mean by a container?

The article was about Podman and Linux namespaces.

I understood the comment I replied to (and many similar comments that are regularly made on HN) as talking about containers in general.

Namespaces are used as a security mechanism.