I’ve read that standard containers are optimized for developer productivity and not security, which makes sense.

But then what would be ideal to use for security? Suppose I want to isolate environments from each other for security purposes, to run questionable programs or reduce attack surface. What are some secure solutions?

Something without the performance hit of VMs.

  • AggressivelyPassive@feddit.de
    1 year ago

    Each VM needs a complete OS, though. Even at 100% efficiency, that’s still a whole kernel+userspace just idling around and a bunch of caches, loaded libraries, etc. Docker is much more efficient in that regard.

    • Saik0A
      1 year ago

      And LXC even more efficient in that regard.

      Docker does load a bunch of stuff that most people don’t need for their project.

      I don’t know why LXC is always the red-headed stepchild. It works wonderfully.