>>makebo+(OP)
Kind of almost off-topic: I'm working on a project where I must run possibly untrusted JavaScript code. I want to run it in an isolated environment. This looks like a very nice solution as I could spin up a microsandbox and securely run the code. I could even have a pool os live sandboxes so I wouldn't even experience the 200ms starts. Because this is OCI-compatible, I could even provide a whole sandboxed environment on which to run that code. Would that be a good use case for this? Are there better alternatives?
>>Swifty+KB
runsc / gVisor is interesting also as the runsc engine can be run from within Docker/Docker Desktop.
gVisor has performance problems, though. Their data shows 1/3rd the throughput vs. docker runtime for concurrent network calls--if that's an issue for your use-case.