Comment by mavdol04

1 month ago

I see what you mean, but i think there is room for both approaches.

If we want to isolate untrusted code at a very fine-grained level (like just a specific function), VMs can feel a bit heavy due to the overhead, complexity etc

1 comment

mavdol04

Reply
quotemstr  1 month ago

What you really want to do is decouple the sandbox specification annotations from the sandbox implementation backend, yes?