BoxLite

BoxLite vs Docker: Which Should You Use?

TL;DR

Use Docker for trusted application deployment where performance is critical. Use BoxLite when running untrusted code (AI agents, user submissions) where security isolation is non-negotiable. Docker containers share the host kernel; BoxLite sandboxes each have their own kernel via hardware virtualization.

Quick Comparison

Feature BoxLite Docker
Isolation Type Hardware VM (micro-VM) Kernel namespaces
Kernel Separate per sandbox Shared with host
Container Escape Risk Near zero (VM boundary) Possible (CVEs exist)
Boot Time <1 second <100ms
Memory Overhead ~50-100MB per VM Minimal
Daemon Required No Yes (dockerd)
Root Required No (KVM access only) Typically yes
OCI Image Support Full Native
Embeddable Yes (library) No (CLI/API)

What's the fundamental difference?

The core difference is where isolation happens:

  • Docker uses Linux kernel features (namespaces, cgroups, seccomp) to isolate processes. All containers share the same kernel as the host.
  • BoxLite uses hardware virtualization to run each sandbox in its own micro-VM with a separate kernel. The host kernel is never exposed to sandbox code.

This means a vulnerability in Docker's isolation (a "container escape") could give an attacker access to the host system. With BoxLite, even if an attacker compromises the sandbox kernel, they're still trapped inside a VM with no path to the host.

Why does Docker's shared kernel matter?

Container escapes are real. Here are some notable Docker/container CVEs:

  • CVE-2024-21626 (runc) - Container escape via /proc/self/fd handling
  • CVE-2020-15257 (containerd) - Host network namespace access
  • CVE-2019-5736 (runc) - Host root access via container escape

If you're running trusted code you control, these risks are manageable. But for AI-generated code or user-submitted code, any container escape could be catastrophic.

When should you use Docker?

Use Docker when:

  • You control all code running in containers
  • Maximum performance is critical
  • You're deploying microservices in production
  • You need the mature Docker ecosystem (Compose, Swarm, Kubernetes)
  • Boot time under 100ms is required

When should you use BoxLite?

Use BoxLite when:

  • Running AI-generated code (LLM agents, code interpreters)
  • Executing user-submitted code (online judges, tutorials)
  • Multi-tenant isolation is required
  • Compliance requires VM-level isolation (PCI-DSS, SOC2)
  • You need to embed sandboxing in your application (no daemon)
  • You can't trust the code being executed

Can I use both together?

Yes! A common pattern is:

  • Use Docker for your application infrastructure (web servers, databases, queues)
  • Use BoxLite inside your application to sandbox untrusted operations (AI code execution, user scripts)

BoxLite can run inside a Docker container, providing defense-in-depth: even if BoxLite had a vulnerability, the attacker would still be inside a Docker container.

Code comparison

Here's how you'd run Python code in each:

Docker (via subprocess)

import subprocess

# Requires Docker daemon running
result = subprocess.run([
    "docker", "run", "--rm",
    "python:slim",
    "python", "-c", "print('Hello')"
], capture_output=True, text=True)

print(result.stdout)

BoxLite (embedded)

import boxlite

# No daemon, just a library
async with boxlite.SimpleBox("python:slim") as box:
    result = await box.exec("python", "-c", "print('Hello')")
    print(result.stdout)

Summary

Docker revolutionized deployment by making containers practical. BoxLite builds on that foundation by bringing hardware-level isolation to the same workflow—same OCI images, similar API, but with a VM boundary instead of kernel namespaces.

The rule is simple: Trust your code? Use Docker. Don't trust it? Use BoxLite.

Ready to try BoxLite?

Get started with secure sandboxing in minutes.

Get Started View All Comparisons