Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Probably slightly more complicated that. Each and every isolation layer can be broken. Why are we using just one?

Run well written software. As a user. In a cgroup. With SELinux. On a VM. On Different Tin. With a security monitoring. Patch.



>Run well written software. As a user. In a cgroup. With SELinux. On a VM. On Different Tin. With a security monitoring. Patch.

The analogy you're trying for is surely not that this is as likely to solve the deployement problem for most people just as "Eat food. Not too much. Mostly Plants" is to solve the obesity epidemic for most people ? Not at all ?


No, not most people. Industry professionals deploying applications using frameworks that help with the problem.

I probably wouldn't want a fat PT, the same I don't want my sysadmin to be running apps as root.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: