  • Chi won Choi thinks this is interesting:

Linux kernel namespaces to sandbox different applications running on the same computers

From: Learn Docker - Fundamentals of Docker 18.x

Note

VMware uses a hypervisor and can control/filter kernel attacks, but a container doesn't use a hypervisor and can't block them.