Docker sandboxes uses a MicroVM as an additional isolation layer - its not just containers (as also mentioned in the nanoclaw post)
replyThis still does not help with, you can call foo, but not bar. We have plenty of existing tooling for that too.
reply[flagged]
reply