Docker

Baseline: separate namespaces + cgroups. Shares the host kernel, so a kernel exploit escapes the container. OK for many use cases.

gVisor

User-space kernel between the container and the host kernel. Intercepts syscalls, so most never reach the host kernel. Slower but stronger isolation. Used by Google Cloud Run.

Firecracker microVM

Lightweight VM (KVM). Full hardware isolation. Used by AWS Lambda. Fast startup (~125ms). Strongest isolation at a reasonable cost.

E2B, Modal, Runloop

Managed agent sandbox services. Handle isolation + persistence + scaling. Popular for AI agent deployments.