eluded7 4 hours ago

Personally I would probably always reach for a docker container if I want a sandboxed command that can run identically anywhere.

I appreciate that alternate sandboxing tools can reduce some of the heavier parts of docker though (i.e. building or downloading the correct image)

How would you compare this tool to say bubblewrap https://github.com/containers/

hrmtst93837 an hour ago | parent | next [-]

Docker shares the host kernel, so a container escape lands on your box, and bubblewrap stays lighter but it leaks edges if you leave seccomp or fs mounts loose.

Zerobox reads like a tool for per-command guardrails instead of image management. That trade looks saner for local runs, though it's new enough that I'd expect a few escapes before the rough edges are gone.
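
As an added example (not Zerobox's or bubblewrap's own code), a hypothetical bash helper that builds a tight bwrap argument list for a local command and audits any bwrap argument list for the loose settings this comment warns about (writable binds of the host root, a shared network namespace, no seccomp filter). The flag names are real bwrap options; the function names are assumptions.

```bash
#!/usr/bin/env bash
# Hypothetical helpers for reviewing a bubblewrap profile before trusting it.

# Print, one per line, the bwrap arguments for running "$@" with a read-only
# view of the host filesystem, private /tmp and home, no network, and fresh
# PID/IPC/UTS namespaces. No --seccomp is added: bwrap expects a compiled BPF
# filter on an fd, which the caller has to supply separately.
tight_bwrap_args() {
  printf '%s\n' \
    --unshare-all \
    --die-with-parent \
    --new-session \
    --ro-bind / / \
    --dev /dev \
    --proc /proc \
    --tmpfs /tmp \
    --tmpfs "${HOME:-/home}" \
    -- "$@"
}

# Read a bwrap argument list (one argument per line on stdin), print one
# finding per loose setting, and return the number of findings (0 = clean).
audit_bwrap_args() {
  local arg prev="" findings=0 seccomp=0 isolated=0
  while IFS= read -r arg; do
    case "$prev" in
      --bind|--dev-bind)
        # A writable bind of the host root or home hands it to the sandbox.
        case "$arg" in
          /|/home|/root) echo "writable bind of host path $arg"; findings=$((findings + 1)) ;;
        esac ;;
    esac
    case "$arg" in
      --unshare-all|--unshare-net) isolated=1 ;;
      --share-net) echo "network namespace shared with host"; findings=$((findings + 1)) ;;
      --seccomp|--add-seccomp-fd) seccomp=1 ;;
    esac
    prev="$arg"
  done
  [ "$isolated" -eq 1 ] || { echo "no --unshare-all/--unshare-net"; findings=$((findings + 1)); }
  [ "$seccomp" -eq 1 ] || { echo "no seccomp filter attached"; findings=$((findings + 1)); }
  return "$findings"
}

# Usage (needs bwrap on PATH): audit the tight profile, then run a command.
#   tight_bwrap_args ls -la | audit_bwrap_args
#   mapfile -t args < <(tight_bwrap_args ls -la); bwrap "${args[@]}"
```

The tight profile still reports one finding, the missing seccomp filter, which is exactly the part bwrap leaves to you.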

ebb_earl_co 4 hours ago | parent | prev [-]

The text says that it uses OS-level tools, specifically bubble wrap on Linux.

afshinmeh 4 hours ago | parent [-]

That's right. It uses the same kernel mechanisms as Docker; the runtime is different, though (bwrap on Linux, seatbelt on macOS, etc.).