I found VM to be on-par with Docker. Sure, the initial provision takes time, but... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		skwee357 43 days ago \| parent \| context \| favorite \| on: Isolating Claude Code I found VM to be on-par with Docker. Sure, the initial provision takes time, but this is true to for initial Docker build as well. I know that worrying about sharing kernel with the Docker container, is probably light paranoia, but I really don't trust agents to not run malicious code.

nezhar 43 days ago [–]

Distributing pre-built images can help minimize this: https://hub.docker.com/r/nezhar/claude-container/tags.

I'm not sure how large the image becomes on the VM or if the distribution process is straightforward.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact