Key benefits
- Restricted filesystem visibility
- Resources access/usage (API, CPU, RAM, Network, …)
- Built-in security model with MAC (Mandatory Access Control)
- Preventing 'diplomatic suitcase' container model
- Strict enforcement on installed packages & dependencies
- 'White box' for the system auditability
- No duplication of root-fs
- Restricting RAM, Disk and CPU containerization cost
- Reusing of shared libraries between instances
- Boosting container startup time