(lwn.net)

186 points ahlCVA | 3 comments | 19 Sep 25 15:29 UTC | HN request time: 0.218s | source

1. 9cb14c1ec0 ◴[19 Sep 25 20:36 UTC] No.45306246[source]▶

It would be interesting to see a detailed security assessment of this. Would it provide security improvements over docker?

replies(2): >>45307627 #>>45310967 #

2. eqvinox ◴[19 Sep 25 22:42 UTC] No.45307627[source]▶

>>45306246 (TP) #

Docker is the wrong thing to compare against, especially considering it is an application and not a technology; the technology would be containerization. This competes against hardware virtualization support, if anything.

3. esseph ◴[20 Sep 25 06:30 UTC] No.45310967[source]▶

>>45306246 (TP) #

If you want some security improvements, move from docker to podman rootless + distroless containers.

If you need more security/isolation, go to a VM or bare metal.

↑

Kernel: Introduce Multikernel Architecture Support