yosh on Nostr: npub1c4k22…wzxvw But yeah to answer your question: yeah the isolation is actually ...
npub1c4k22r4x370749ucypzn3t0jaxnh3zerwgfp287hv09mqwkpkcaq7wzxvw (npub1c4k…zxvw)
But yeah to answer your question: yeah the isolation is actually stronger than that of a container.
Containers somewhat famously aren’t considered “security boundaries” — meaning they don’t actually guarantee any sandboxing properties. Or at least not much more than processes do. VMs are designed for security first. And that makes them more expensive to run — but in turn provide stronger isolation guarantees.