docker security kubernetes sandbox kata-containers

Can kata containers be used as a sandbox to run untrusted code?

Kata containers is trying to make containers secure by providing more isolation.

lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.

If I am building a playground/code fiddle (something like ideone), are they secure enough to compile and run untrusted code?

Is this a good/intended use for this type of containers?

Solution

Any type of workload can potentially be used by Kata Containers, just like regular containers. The idea behind them is providing the VM isolation that you don't get with regular containers. You can use Kata Container with Docker and Kubernetes.

You can achieve a decent level of isolation with regular containers using things like seccomp, SELinux, Capabilities, and/or AppArmor but it can get quite complicated. Kata Containers offers a simpler alternative to that.

MongoDB Authentication Issues with Node.js and Mongo-Express in Docker Compose setup
How to run two commands on Dockerfile?
How to pull every single image (tag or untagged) from AWS ECR?
Why is my service not getting started when added depends on, in docker compose file
Getting code 2 while building with dockerfile
What is the docker registry v2 API endpoint to get the digest for an image?
Gitlab runner using dind results in error server misbehaved
How to install git on a docker ubuntu image?
Why doesn't CSS work when I deploy the Next.js sample project in production?
How to Enable Docker layer caching in Azure DevOps
Minikube "icacls failed applying permissions "
How do I start a gitlab-ce container via docker-compose with admin credentials already set up?
Configure Docker to use a proxy server
npm install takes forever when running docker-compose
Is there a way to get the Docker Hub username of the current user?
Can not connect to ClickHouse via Apache Airflow (all inside Docker)
containerd client + soci snapshotter: http: server gave HTTP response to HTTPS client
How to force 'docker login' command to ignore existing credentials helper?
How to force Docker for a clean build of an image
How do you fix a docker push error, tag does not exist?
How to run a cron job inside a docker container?
MXE Qt5 application builds fail in Docker container
Docker compose Invalid volume destination path: '.' mount path must be absolute
Connecting SQL Server on Docker to Python
Docker - Bind for 0.0.0.0:4000 failed: port is already allocated
How can i solve "unable to prepare context: path "Dockerfile.xxx" not found" error
How to configure NGINX to use multiple subdomains on local network to service more than one application?
How to deploy Angular 17 with SSR with Docker?
MaxScale doesn't connect to Galera Cluster
Combine several docker images to avoid long build times