by tastyeffectco
14 days ago
Yes, but not fully!
Each sandbox has all Linux capabilities! Runs with no-new-privileges, a read-only rootfs! Capped limits on PID and memory, network isolated per design!
All that said! This is not a VM isolation level like Firecracker, for example, but quite enough for most use cases for early-stage products or enterprise internal products.