I am not exactly sure about using containers (most likely you mean docker/podman) as sandboxes...
Please correct me if I'm wrong, but for a better form of sandboxing, I would recommend something like microvm and the bottlefire thing which was recently shared, if that might pique your interest, as I found it to be interesting, and then using it with something like https://github.com/Zouuup/landrun
There is also tinykvm and other projects too which can simply take a binary and run it, and I think that maybe developers should also try out all the different sandboxes and different things just for understanding as well, I suppose. To me, I really like playing with different forms of sandboxes or such technologies in general.
Also do note that I am not sure if bottlefire provides sandbox/isolation by default, as they mention Sandbox with Landlock separately, so I am now a bit confused if they provide sandbox by default or not, as I previously thought it might have.
Sure, there are many ways to achieve the same end of limiting blast radius, but that's not really the point here: the point is that we should dismiss projects like this solely because something might go wrong, especially when there are ways to mitigate against real damage.