Description
Containers gain an additional isolation layer by running inside a user-space kernel sandbox designed for OCI workloads.
This binary package is useful for administrators and developers who need stronger container isolation than a standard runtime may provide. It changes how containers execute, so compatibility, performance, kernel features, and security expectations should be tested before using it for production workloads.