[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: OS-level virtualization
On Tue, Apr 06, 2021 at 12:29:31PM -0400, Aaron B. wrote:
> It's just the same chroot system call under the hood. And currently,
> that's all there is. The kernel simply doesn't have any other way to
> isolate processes at the time.
Well, there is kauth(9), which can be extended by specific listeners
(but AFAIK nothing shrink-wrapped is shipped with the base OS).
Main Index |
Thread Index |