> I did not see any relevant content on the websites you mention in your HN profile
At least I have a filled out profile, unlike you.
Besides that, and the cheap personal attacks, you seem to be completely missing the point so let me spell it out for you: VMs, containers, chroot jails and all those other tools with which we can try to isolate two pieces of software running on the same hardware all have exploits, past, current and future ones. Any piece of software of even moderate complexity will have bugs, any isolation method should be considered fallible and leaky and your best defenses will take that into consideration when architecting your setup.
If you don't then sooner or later someone with more patience, a larger budget or more knowledge than you will get the better of you with all the consequences that may have.