Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
WatchDog 5 days ago

Do these containers share a common kernel? Or are they each ran in a separate VM?

Edit: It's a VM per container. https://github.com/apple/container/blob/main/docs/technical-...

leshenka 5 days ago | parent [-]

Isn't it wasteful? I know it's a "tiny" vm but still is a vm

pjmlp 5 days ago | parent [-]

See Kata containers.

https://katacontainers.io/

For ultimate security, containers alone aren't enough.

Windows is also having a similar feature on top of WSL, announced at BUILD.

https://github.com/microsoft/mxc

Melatonic 5 days ago | parent [-]

Isnt this a micro VM and not a container? Confused

pjmlp 5 days ago | parent [-]

A micro VM than encapsulates a single container inside, two levels of protection.