Hacker News new | past | comments | ask | show | jobs | submit login

Containers provide resource limits but not necessarily safety. The ABI surface is too large. You kind of need the code inside them to be secure.



Hmm, what large surface? You only need like a couple of syscalls for an image decoder, it doesn't need anything else from the OS and is supposed to be short-lived.


> You only need like a couple of syscalls for an image decoder, it doesn't need anything else from the OS and is supposed to be short-lived.

Not if you're going to take advantage of hardware acceleration.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: