Comment by neoCrimeLabs
1 month ago
It depends on your threat model, but generally speaking I would not trust default container runtimes for a true sandbox.
The kata-containers [1] runtime takes a container and runs it as a virtual host. It works with Docker, podman, k8s, etc.
It's a way to get the convenience of a container, but benefits of a virtual host.
This is not the do-all-end-all (there are more options), but this is a convenient one that is better than typical containers.
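Opting a workload into Kata on Kubernetes is done per pod through a RuntimeClass. The manifest below is an added example, not part of the comment or of the Kata project's own docs; it assumes the node's containerd has a runtime entry named `kata` and that the pod name and image are placeholders.

```yaml
# RuntimeClass: maps a cluster-level name to the node's containerd runtime handler.
# The handler value must match the runtime key configured on the node, e.g.
# plugins."io.containerd.grpc.v1.cri".containerd.runtimes.kata in containerd's config.toml
# (assumed here; check your node's actual configuration).
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata
handler: kata
---
# Pod that explicitly asks for the Kata runtime. Without runtimeClassName the pod
# falls back to the default runtime (runc), i.e. a plain namespaced process and not a VM.
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-job          # placeholder name
spec:
  runtimeClassName: kata       # the isolation boundary is now a lightweight VM
  containers:
    - name: worker
      image: example.invalid/untrusted-job:latest   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        runAsNonRoot: true
      resources:
        limits:
          cpu: "1"
          memory: 512Mi
```

To confirm the scheduler honoured the request, `kubectl get pod untrusted-job -o jsonpath='{.spec.runtimeClassName}'` should print `kata`; a pod silently running under runc because the RuntimeClass or node handler is missing is the failure mode to check for.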