| ▲ | jt2190 5 days ago | ||||||||||||||||
> container runs containers differently. Using the open source Containerization package, it runs a lightweight VM for each container that you create. This approach has the following properties: > - Security: Each container has the isolation properties of a full VM, using a minimal set of core utilities and dynamic libraries to reduce resource utilization and attack surface. > - Privacy: When sharing host data using container, you mount only necessary data into each VM. With a shared VM, you need to mount all data that you may ever want to use into the VM, so that it can be mounted selectively into containers. > -Performance: Containers created using container require less memory than full VMs, with boot times that are comparable to containers running in a shared VM. More details, including technical limitations (they’re looking for bug reports and contributions): “Container: Technical Overview” https://github.com/apple/container/blob/main/docs/technical-... | |||||||||||||||||
| ▲ | mikepurvis 5 days ago | parent [-] | ||||||||||||||||
Sounds like a lot of the same choices/compromises that are in wsl2. | |||||||||||||||||
| |||||||||||||||||