MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×
Everything posted by Silo
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/ https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html https://www.hysolate.com/blog/windows-containers-101/ https://email@example.com/a-short-introduction-to-windows-containers-db5adc0db536 https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/ Silo was implemented in Windows 10 and it targets process isolation : isolated environment (wininit.exe, csrss.exe, etc), sharing the same OS kernel/devices for containerized processes. A server silo is actually a super-job object. VMCompute (Hyper-V Library) uses the native Windows API to create a super-job object, and spawn a new containerized Windows environment. With a server silo you can share devices like GPU, soundcard, USB devices, etc (devices are mapped using symbolic links). Had anyone been able to successfully create an isolated environment without Hyper-V, programmatically using super-job objects? Super-jobs are undocumented, but it could be used for sandboxing without using a VM, as it's integrated in the OS Kernel.