I just don't trust the Linux kernel to effectively isolate processes anymore. Don't care if you're using user namespaces, seccomp, etc. There will be a bug.
Time for micro VMs; they're a stronger security boundary (not perfect, but stronger).
What about SELinux?
You can't really do anything useful with a VM either unless you start punching holes in those boundaries.