Application Sandboxes vs. Containers

Container Camp SF 2016 - Blog post - Jessie Frazelle - Docker maintainer and engineer at Mesosphere. This talk will cover the differences between application sandboxes and containers. The most well known sandbox is Chrome, for providing "hard guarantees about what ultimately a piece of code can or cannot do no matter what its inputs are". At its core, the Linux Chrome sandbox uses namespaces along with seccomp and other native features to provide these guarantees. Containers are composed of the same primitives. What is needed for containers to provide this promise? Can it be done by default? What steps are already being made to get towards containers that actually "contain"? What challenges will be faced?
Length: 22:47
Views 1320 Likes: 14
Recorded on 2016-04-15 at Container Camp USA
Look for other videos at Container Camp USA.
Tweet this video