Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

bubblewrap is actually worse - there are known escapes in there that haven't been fixed for years


It is the most widely used sandbox layer for pretty much everything. What escapes are you talking about? Are we supposed to take your word for it? Come on


Wait. What? What escapes? Is it that bubblewrap not faithfully implement the policy you give it or that there are surprising gaps in the kernel's namespace isolation?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: