by londons_explore
1054 days ago
These designs always seem so complex... And one overlooked feature of any API could totally break the sandbox. Whereas a simple 'we run everything in a VM' seems much simpler and less fragile.

'We run this process in a VM-like mode where Linux syscalls aren't allowed, but instead we define a new syscall-like interface which goes to privileged host code' seems like a good compromise. But in this case, that host code should have special abilities to mmap files into the address space of the 'VM' to make IO fast and efficient.

One way to do this would be to use undefined instruction traps to enter a debugger, which could then implement a syscall-like API. That would make it portable to any OS, yet ultra fast.