Docker
Baseline: isolation via Linux namespaces and cgroups. Shares the host kernel, so a kernel exploit escapes the container. Adequate for many use cases.
gVisor
User-space kernel sitting between the container and the host kernel. Intercepts syscalls and services most of them in user space, so only a small subset ever reaches the host kernel. Slower, but stronger isolation. Used by Google Cloud Run.
Firecracker microVM
Lightweight VM on KVM with its own guest kernel, giving hardware-enforced isolation. Used by AWS Lambda. Fast startup (~125 ms). Strongest isolation of these options at reasonable cost.
E2B, Modal, Runloop
Managed agent sandbox services that handle isolation, persistence and scaling. Popular for AI agent deployments.