> > The safe
> > execution environment is achieved by running the code in a Docker
> > container.
> What do you mean by safe? It's certainly not secure.
Okay, there's a Host machine that is running all the Docker containers
(also called Jails). When a user starts a session, a Container gets
created. This user will send all his PicoLisp code through the website to a
Container that is running a PicoLisp server. The PicoLisp server executes
the code, and the result is returned to the user.
If the user ever tries (delete-all-files) or whatever, that Container will
get affected, but not the host machine. If the user wants to continue with
his session, the Host can create another Container. A professor I know was
working on a system that automatically creates and destroys the containers
as needed. For this approach, we could have several PicoLisp servers (5,
for example) running inside a single Container. If someone runs malicious
code inside of the container, the container gets automatically destroyed
and re-created. The bad thing about this solution is that the other users
would lose their sessions.
Something that could get implemented is to save all the PicoLisp sessions
(their source code) in a Redis database, and that way the users wouldn't
lose their sessions.
It looks too complicated, but most of this has already been done at my
University. It was tested with Python, though.
Also, the system resources required for a container are minimal. Around 5
Mb of RAM per container. We could have 20 containers running 5 PicoLisp
servers, for a total of 100 users running "Try PicoLisp" simultaneously.
Anyway, the advantage of this approach is that users would have 100% of the
functionality of PicoLisp, not a watered down version, or a restricted
> Using VM like Alex suggests is better.
A Container is basically a VM, but cheaper. The downsides are negligible, like
the limitation of running only a single Linux kernel for all the
containers, or not being able to run other operating systems (if the host
machine is a Linux with a kernel version X.X.X, all the containers will be
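The thread disagrees on whether a plain Docker container is "safe"; the difference lies in what the container is allowed to reach and consume. As an added example that is not from this thread or the PicoLisp project, the shell helper below assembles the `docker run` line for one throwaway session jail in its unhardened and hardened forms and lints a line for the controls the hardened form carries. The image name `try-picolisp`, the default memory and CPU caps, and the uid 65534 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or PicoLisp): build and lint the
# `docker run` line for one throwaway session jail. Image name "try-picolisp"
# and the default limits are assumptions.

# Unhardened form: the container boundary is the only control.
weak_sandbox_cmd() {
    printf 'docker run -d --name pl-%s try-picolisp\n' "$1"
}

# Hardened form: limit what untrusted code inside the jail can reach or consume.
hardened_sandbox_cmd() {
    session_id="$1"
    mem="${2:-64m}"    # RAM cap per jail; raise if sessions need more
    cpus="${3:-0.5}"   # CPU cap so one session cannot starve the others
    set -- docker run -d --rm --name "pl-$session_id"
    # No network: the jail cannot reach the host, Redis, or other jails.
    set -- "$@" --network none
    # Read-only root filesystem; only a small noexec tmpfs is writable.
    set -- "$@" --read-only --tmpfs /tmp:rw,nosuid,noexec,size=16m
    # Memory, swap and process caps: a fork bomb only exhausts this jail.
    set -- "$@" --memory "$mem" --memory-swap "$mem" --cpus "$cpus" --pids-limit 64
    # Drop every capability and block privilege gain through setuid binaries.
    set -- "$@" --cap-drop ALL --security-opt no-new-privileges
    # Run as an unprivileged uid/gid (nobody) rather than root.
    set -- "$@" --user 65534:65534 try-picolisp
    printf '%s\n' "$*"
}

# Lint: report any required control missing from a command line.
# Returns 0 only when all are present.
check_hardened() {
    cmd="$1"; missing=0
    for flag in "--network none" "--read-only" "--cap-drop ALL" \
                "--security-opt no-new-privileges" "--pids-limit" "--memory "; do
        case " $cmd " in
            *" $flag"*) ;;
            *) echo "missing: $flag"; missing=$((missing + 1)) ;;
        esac
    done
    [ "$missing" -eq 0 ]
}

# Usage: print the hardened line for session "demo" and lint the weak one.
hardened_sandbox_cmd demo
check_hardened "$(weak_sandbox_cmd demo)" || echo "weak form rejected"
```

The host-side session persistence in Redis described in the message is unaffected by these flags, since the jail itself never needs to reach Redis.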