Comment by viraptor
2 years ago
Docker runs container as the user you tell it to. Same with nspawn. There's not much difference there in that respect.
Nspawn does seccomp-based filtering, similar to the usual systemd services.
2 years ago
Docker runs container as the user you tell it to. Same with nspawn. There's not much difference there in that respect.
Nspawn does seccomp-based filtering, similar to the usual systemd services.
No comments yet
Contribute on Hacker News ↗