Fred Morris: > Root... > > On Fri, 26 Feb 2021, IL Ka wrote: > > I am not a security expert, but I believe it should be possible to create a > > virtual machine dedicated to email processing. > > If an attacker breaks it and gets root privileges on this machine it still > > wouldn't do much harm to the other services. > > ... in Docker is root on your machine. Trust me on that... or don't. > > There is currently some interest in microkernels for VMs, I'm kind of in > the "wait and see" phase.
Does a per-container minimized kernel count? https://gvisor.dev/ Wietse
