consider a treat model where the contents of the virtual instance is extremely hostile. Both on memory access abuse, cpu instructions exploits and network. Not to mention attempts to abuse convenience features such as mounting host filesystem inside etc. there are many containerd alternatives, but they all seem to sacrifice […]