Hacker News new | past | comments | ask | show | jobs | submit
wmf | on: Show HN: Sub-millisecond VM sandboxes using CoW memory forking
It's pretty common to run VMs within containers so an attacker has to escape twice. You can probably disable 99% of system calls.