It’s an app manager.
There’s no sandboxing, and not much security in general.
I guess I meant sandboxing resources via cgroups, which is distinct from a security sandbox perhaps. (I actually don't know but AFAIK isolation is the default in Docker and you have to explicitly connect containers.)
reply