Can we create an isolation boundary between the application and the host kernel?
(1) Is it possible with LXC/LXD Containers? How?
or
(2) If it is not necessary for LXC/LXD containers, then why?
This question is inspired by the Google project:
gVisor (https://github.com/google/gvisor)
Web link: Application Kernel for Containers https://gvisor.dev