Description
Virtualization-based process isolation helps container and sandbox tools run workloads with a stronger boundary than a normal process. It is useful for systems that want lightweight virtual-machine isolation behind container-like workflows.
This is infrastructure code, not a VM manager interface. Security depends on the calling runtime, kernel support, guest configuration, and how files or network access are shared.