Comment by mavdol04
1 month ago
I see what you mean, but i think there is room for both approaches.
If we want to isolate untrusted code at a very fine-grained level (like just a specific function), VMs can feel a bit heavy due to the overhead, complexity etc
What you really want to do is decouple the sandbox specification annotations from the sandbox implementation backend, yes?