"much better isolation than containers"
replyIf you've got an exploit for docker / linux containers, please share it with the class.
What I'm saying is that in practice, containers and VMs have both been quite secure.
Also, you can configure docker to run microvms too https://github.com/firecracker-microvm/firecracker-container...
We want to protect against the unknown, not the known. The less surface area, the better, and containers have much wider surface area than VMs. Both had their faults, of course.
reply