>>simonw+(OP)
as a guy who is not in loop with all these sandbox developments, I apologize for this extremely stupid question. Why do we need any of these sandboxes? Why cant we use docker? I thought it was a solved problem 10 yrs ago?
>>vivzke+uo
Maybe it's concerns about docker chroot escape? I'm not sure what the current consensus is on how "secure" docker is, but in the past I've heard you shouldn't assume an app in a container is fully isolated from the "host" system.