I found information online that argued that sandboxing was better for security isolation than virtualization. What do VMs have that an excellent SELinux labeling policy doesn’t have? What is sandboxing alone not shielding from attackers and probes?
Some virtualization methods are more system resource demanding than others. KVM is “lighter” than bloat Oracle, for example. Containers require even less system memory. I have a computer that can just barely support VirtualBox but probably can support KVM if I get RADs right for the WS.
But this got me thinking about containers. Would a Kicksecure container be any good? What about GW and WS in separate containers? Even more compartmentalization between WS and GW that way?
How important is full kernel abstraction with VMs for secure isolation? What do containers lack? There is profiling information that is kept confidential through virtualization that may be exposed by sandboxing?
Someone might feel “threatened” by expensive computers, so economy containerization, if possible, might be good to develop. Leads to some interesting questions and learning experiences anyway.
https://forum.qubes-os.org/t/qubes-certification-for-tempest-emi-protected-computers-mil-std-461/22397/7