Hacker News
by
chrisweekly
17 days ago
Or put it in a microvm using e.g. smolmachines.
2 comments
causal
17 days ago
I've never used smolmachines but I'm curious; why this over a container?
apitman
17 days ago
Containers are not security boundaries. Vulnerabilities in containers are much more common than in VMs.
chrisweekly
17 days ago
Kernel-level isolation is a significant security differentiator, for starters.
https://github.com/smol-machines/smolvm#comparison shows a good comparison table.
bionade24
17 days ago
Using runsc instead of runsc means that there's a hypervisor layer (gVisor, probably) in-between the kernel and the container userland.