
Docker is just a shim on kernel isolation APIs. It’s not any different, but better packaged.

But irrelevant in this case. I dev on macOS. I’m not aware of any other options.



sandbox-exec. It's not great, but it's usable. https://igorstechnoclub.com/sandbox-exec/

> It’s not any different

It's very different. With Docker on Mac you're running a VM which runs a wrapped-up complete system that runs your app.

With SELinux/sandbox-exec you run just your app and can skip the extra packaging needed for Docker and mounts. (And get the extra performance.)


Does SELinux/sandbox-exec work on a Mac? Is this an apples-to-apples comparison?


sandbox-exec is a Mac exclusive thing.


Wow TIL



