pploug 5 hours ago
Docker sandboxes uses a MicroVM as an additional isolation layer - it's not just containers (as also mentioned in the nanoclaw post)
verdverm 4 hours ago
This still does not help with "you can call foo, but not bar". We have plenty of existing tooling for that too.