A lot of words on that one,

Not sure if you're the author of the paper. But off the get-go, I'm
extremely confused. I wanted to give my critique on the paper instead of
the technology. My experience with "user-space sandboxing" is kernel
user-namespaces. My interface to them is podman. It's not clear what this
"sandbox" offers that podman's rootless mode does not. I believe I'm in the
majority with experience in containerization. But you're grounding this
paper in "two prime examples of sandbox: Gentoo's sandbox and Exherbo's
sydbox" -- things most people have probably never used. This for me raises
the question: when would I want "Gentoo's sandbox and Exherbo's sydbox"
over kernel user-namespaces and podman?

I don't see that answer immediately and so my desire to continue reading
drops significantly. This is only constructive criticism, maybe I'm not
your desired audience but the title was interesting enough for me to jump
in.

--
Evan Carroll - m...@evancarroll.com
System Lord of the Internets
web: http://www.evancarroll.com
ph: 281.901.0011 <+1-281-901-0011>
