@simon @anildash Is there a good high-level discussion somewhere that compares the security models of WASM, JAVA, .NET, and Linux containers (plus perhaps others)? Addressing questions such as granularity (per file/directory/other, IP by IP address/domain/other), roles (user, administrator, developer, ...), complexity (yes/no settings, conditions, Turing-complete configuration language), etc.