https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/
https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html
https://www.hysolate.com/blog/windows-containers-101/
https://medium.com/@justen.walker/a-short-introduction-to-windows-containers-db5adc0db536
https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/
Silo was implemented in Windows 10 and it targets process isolation : isolated environment (wininit.exe, csrss.exe, etc), sharing the same OS kernel/devices for containerized processes.
A server silo is actually a super-job object. VMCompute (Hyper-V Library) uses the native Windows API to create a super-job object, and spawn a new containerized Windows environment. With a server silo you can share devices like GPU, soundcard, USB devices, etc (devices are mapped using symbolic links).
Had anyone been able to successfully create an isolated environment without Hyper-V, programmatically using super-job objects? Super-jobs are undocumented, but it could be used for sandboxing without using a VM, as it's integrated in the OS Kernel.
