Towards the Hardened Cloud-Native Cornerstone: Container Runtime Protection

Explore container runtime protection strategies in this comprehensive conference talk. Delve into the security challenges faced by containers in cloud-native environments, examining attack vectors and existing protection mechanisms like AppArmor, SELinux, and seccomp. Discover recent advancements in kernel-aided and hardware-aided security measures, including Landlock, Core Scheduling, Memory Protection Keys, and Trusted Execution Environments. Learn about the necessary adaptations to container runtime and image specifications, policy enforcement, debugging, monitoring, logging, and alerting management. Gain insights into the current state and future developments of hardened two-way sandboxes for both security and privacy in container environments.