| ▲ | messh 17 hours ago | |
Docker and vms are not the only options though... you can use bubblewrap and other equivalents for mac | ||
| ▲ | souvik1997 15 hours ago | parent [-] | |
True. bubblewrap and similar (Landlock, sandbox-exec on Mac) are solid lightweight options. The main difference is they still expose a syscall interface that you then restrict, vs WASM where capabilities are opt-in from zero. Different starting points, similar goals. Some advantages of building the sandbox in wasm, aside from the security benefits, are complete execution reproducibility. amla-sandbox controls all external side effects, leaving the wasm core as just "pure computation", which makes recording traces and replaying them very easy. It's great for debugging complex workflows. | ||