The sandbox degradation path (Firecracker, Linux namespaces, SafeFallback) is really pragmatic. Most projects in this space just skip the isolation story entirely. What's the latency overhead like for a typical tool call going through the Firecracker vsock path vs SafeFallback?
It is now fully functional, thoroughly tested. Given the multitude of available applications that are probably more practical than Lula, I just wanted to show /share this and hope that it finds at least some application somewhere!
This is another project I'll take this opportunity to share:
The sandbox degradation path (Firecracker, Linux namespaces, SafeFallback) is really pragmatic. Most projects in this space just skip the isolation story entirely. What's the latency overhead like for a typical tool call going through the Firecracker vsock path vs SafeFallback?
Just an update to this project:
It is now fully functional, thoroughly tested. Given the multitude of available applications that are probably more practical than Lula, I just wanted to show /share this and hope that it finds at least some application somewhere!
This is another project I'll take this opportunity to share:
https://github.com/christianmeurer/Samantha
Take a look and tell me what you think!
Christian