New ask Hacker News story: Ask HN: Best container runtime for process isolation / security?

4 by capableweb | 4 comments on Hacker News.
I'm currently considering a project where containers could be used to quickly spin up resources. Trick is, one user would "own" one container, meaning that isolation between containers and isolation between the host/container is important. Most runtimes I've looked at don't really offer anything in terms of security isolation, and also don't make a lot of guarantees. Seems I'll end up using VMs so I can get proper isolation. But maybe I've missed something, and you people here know of a good solution for this. Point is to have fast startup time of the container/VM and also good isolation between the containers/VMs themselves, and between the container/host. This is all supposed to run on self-hosted infrastructure and without Kubernetes et al., so Lambda and all "container-as-a-service" things are N/A.