I always find it weird when people talk about #isolation when discussing #container and #application approaches.
-
I always find it weird when people talk about #isolation when discussing #container and #application approaches.
Processes are generally "isolated" in virtual memory OSes.
That is what virtual memory is for.APIs are a necessity for access to resources, such as files.
While full access by default is convenient for many things, it is clearly not secure by design; quite the opposite.But policies are hard.
The culprit is that #security must not imply inconvenience.
Otherwise it becomes useless. -
I always find it weird when people talk about #isolation when discussing #container and #application approaches.
Processes are generally "isolated" in virtual memory OSes.
That is what virtual memory is for.APIs are a necessity for access to resources, such as files.
While full access by default is convenient for many things, it is clearly not secure by design; quite the opposite.But policies are hard.
The culprit is that #security must not imply inconvenience.
Otherwise it becomes useless.@CyReVolt I'm not sure what point you are trying to make
