

Sandboxing Code in the Era of Containers - joaojeronimo
https://medium.com/aws-activate-startup-blog/sandboxing-code-in-the-era-of-containers-294edb3a674

======
mirashii
Generally, the common wisdom is still that Docker, LXC, and Linux containers
in general haven't been audited and hardened enough to use for multi-tenant
isolation, so this seems like an odd choice. The article doesn't talk at all
about even doing some of the common hardening people might do in these
circumstances (limit syscalls with seccomp, get rid of suid binaries, grsec,
AppArmor).

I'd be extremely hesitant to trust the sandboxing here.

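The hardening steps the comment above lists (limiting syscalls with seccomp, getting rid of setuid binaries, and the usual capability and privilege restrictions that go with them) as a shell script. This is an editor-added example, not code from the article or from any commenter; the image name `untrusted/sandbox:latest`, the profile path, the fake setuid binary and the syscall allow-list are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the article or the thread: the hardening steps the
# comment lists (drop setuid bits, restrict syscalls with seccomp, and the
# matching `docker run` flags). Image name, profile path and syscall list are
# illustrative assumptions.

# List setuid/setgid regular files under a root tree (one path per line).
find_suid() {
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Count them, so an image build step can fail if any remain.
count_suid() {
  find_suid "$1" | wc -l | tr -d ' '
}

# Strip the setuid/setgid bits in place. In a container image this is usually
# a RUN step in the Dockerfile; here it is a plain shell step on a directory.
strip_suid() {
  find_suid "$1" | while IFS= read -r f; do
    chmod u-s,g-s "$f"
  done
}

# Write a Docker seccomp profile in Docker's JSON format: deny every syscall
# by default (returns errno) and allow only the names passed in. This is an
# allow-list, unlike Docker's default profile, which is a deny-list.
# Usage: write_seccomp_profile /path/profile.json read write exit_group ...
write_seccomp_profile() {
  out="$1"; shift
  {
    printf '{\n  "defaultAction": "SCMP_ACT_ERRNO",\n'
    printf '  "architectures": ["SCMP_ARCH_X86_64"],\n'
    printf '  "syscalls": [{ "names": ['
    sep=""
    for name in "$@"; do
      printf '%s"%s"' "$sep" "$name"
      sep=", "
    done
    printf '], "action": "SCMP_ACT_ALLOW" }]\n}\n'
  } > "$out"
}

# Build the `docker run` command line for an untrusted workload: the custom
# seccomp profile, no capabilities, no privilege gain via setuid/file caps,
# read-only root, a PID limit, no network, unprivileged uid. Printed, not run.
hardened_run_cmd() {
  profile="$1"; image="$2"; shift 2
  printf 'docker run --rm --security-opt seccomp=%s --security-opt no-new-privileges --cap-drop ALL --read-only --tmpfs /tmp:rw,noexec,nosuid --pids-limit 64 --network none --user 65534:65534 %s %s\n' \
    "$profile" "$image" "$*"
}

# Demo on a constructed tree (touches only the temporary directory $work).
main() {
  work="$(mktemp -d)"
  mkdir -p "$work/usr/bin"
  : > "$work/usr/bin/fake_su"
  chmod 4755 "$work/usr/bin/fake_su"      # constructed setuid binary
  echo "setuid files before: $(count_suid "$work")"
  strip_suid "$work"
  echo "setuid files after:  $(count_suid "$work")"
  write_seccomp_profile "$work/profile.json" \
    read write exit exit_group brk mmap munmap futex rt_sigreturn
  cat "$work/profile.json"
  hardened_run_cmd "$work/profile.json" untrusted/sandbox:latest ./run_submission.sh
  rm -rf "$work"
}

main "$@"
```

The syscall allow-list shown is a toy; a real one has to be derived from the workload (for example by tracing it under the default profile first), or the sandboxed program will die on its first unlisted call. Stripping setuid bits and `--security-opt no-new-privileges` together close the path the comment worries about: a kernel or runtime escape is not prevented, but privilege escalation inside the container via setuid helpers is. AppArmor and grsecurity, which the comment also mentions, are not covered here.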
~~~
DannoHung
I don't know if you saw the story about Joyent's Triton dealie-majig yesterday
or not, but do you know if the Solaris Zones are considered secure enough for
multi-tenancy?

I'm excited about giving that a try, but I'm trying to find out if anyone has
really different opinions on how well it can/will work. So far people seem to
be really, really positive and I haven't seen much skepticism/criticism yet.

~~~
mirashii
Solaris zones have been around much longer, and have undergone audits and also
been used for multi-tenancy in production for almost 10 years now. The new LX
brand may have some new surface that it's worth auditing, but in general
Solaris zones are probably, to my knowledge, the most trusted OS-level
virtualization system amongst the major contenders. Disclaimer: I was a Joyent
customer and have a few friends and acquaintances who work there still.

