undefined | Better HN

0 pointsapexalpha2mo ago0 comments

The NT kernel misses all modern features like containers though.

0 comments

pjmlp2mo ago

Windows containers exist since Windows 10.

Containers are hardly modern, they trace back to offerings on 1990's, like HP-UX Vaults.

tombert2mo ago

Even prior to Windows 10, there was Sandboxie to give you something roughly analogous to FreeBSD jails.

Obviously not built into Windows but readily available since 2004.

viraptor2mo ago

Actual lightweight isolated processes? The docs are pretty vague about what the windows containers are and they still indicate that both Hyper-V and a chosen kernel is used - so that smells like a VM. Also, available only in windows 10 pro and higher, so no w10 in general.

pjmlp2mo ago

Yes, there are two modes, Hyper-V isolation and process isolation, which is similar to how Linux does it.

The kernel version has to do with process isolation not being fully there when Windows containers were initially supported, so they had the limitation the container kernel dependency had to match the host version.

Since Windows 11 this has been relaxed.

The namespacing approach is based on Jobs API.

Modern Windows security relies on several sandboxed components, Hyper-V is always running anyway, also one of the reasons of the updated harware requirements, while this configuration is optional on Windows 10, it is always enabled on Windows 11.

https://learn.microsoft.com/en-us/windows-hardware/design/de...

https://learn.microsoft.com/en-us/windows-hardware/drivers/b...

https://learn.microsoft.com/en-us/windows/security/hardware-...

j / k navigate · click thread line to collapse