Comment by schmuhblaster
Comment by schmuhblaster 13 hours ago
Is there any reasonably fast and portable sandboxing approach that does not require a full blown VM or containers? For coding agents containers are probably the right way to go, but for something like Cowork that is targeted at non-technical users who want or have to stay local, what's the right way?
container2wasm seems interesting, but it runs a full blown x86 or ARM emulator in WASM which boots an image derived from a docker container [0].
In my opinion, having a container is currently the best trade-off in terms of performance and maintainability of the setup.