1. 7

  2. 4

    I can’t help but look at these complexities and wonder why not use Nix and its existing, excellent sandboxing support? No custom FUSE filesystems needed.

    1. 1

      Some of the details I’m looking for seem to be in the manpage. It would be great if this article or the README.md contained a “Why sandboxfs?” section that clearly indicated what use cases are better suited by sandboxfs than more traditional solutions (chroot, filesystem namespaces, bind mount, seccomp, etc.).

      It sounds like it could be appealing but I’d like to understand more. I’m also especially curious about the cost: a FUSE mount sounds like it would be slow.

      You can view a rendered version of this manual page using the following command after cloning the tree

      Would that GitHub had a ?roff renderer. I know we hate to repeat ourselves but an excerpt or two copied from the manpage would be really convenient.