HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Quark – A secure container runtime with CRI/OCI interface(github.com)

24 points·by andutu·2 yıl önce·2 comments
github.com
Quark – A secure container runtime with CRI/OCI interface

https://github.com/QuarkContainer/Quark

2 comments

BobbyTables2·2 yıl önce
Is there any real point to this?

Is this effectively anything more than a syscall filtered container?

To me, relaying syscalls from a guest in a VM to a host sounds like it is defeating the whole point of the VM!

At least normally a VM doesn’t have direct access to host syscalls — it is confirmed to the emulated block and network devices which (should) provide a constrained means of access.

Container escapes often happen because of exposure to host kernel interfaces (via syscalls!), and kernel file systems such as /sys and /proc (especially /proc/self shenanigans).

I fear they have reinvented a container, much less efficiently.
kjok·2 yıl önce
Very cool! Curious to know the use cases for this tech?