Sandboxed-Container runs your applications in sandboxed, lightweight virtual machines, each of which is equipped with a dedicated kernel. Compared with Docker, this provides better isolation and enhanced security.

Sandboxed-Container is particularly suitable in scenarios such as untrusted application isolation, fault isolation, performance isolation, and load isolation among multiple users. It provides enhanced security, has little impact on application performance, and offers the same user experience as Docker in terms of logging, monitoring, and elastic scaling.

Architecture

Features

Sandboxed-Container has the following features:
  • Strong isolation based on sandboxed, lightweight virtual machines.
  • Good compatibility with runC in terms of application management.
  • High overall performance that equals 90% of the performance of applications based on runC.
  • The same user experience as runC in terms of logging, monitoring, and storage.
  • Support for RuntimeClass (runC and runV). For more information, see RuntimeClass.
  • Easy to use with low skill barriers.
  • Higher stability than Kata Containers. For more information about Kata Containers, see Kata Containers.