There is reason to be optimistic though.
Instead of filtering syscalls to the host kernel, gVisor interposes a completely separate kernel implementation called the Sentry between the untrusted code and the host. The Sentry does not access the host filesystem directly; instead, a separate process called the Gofer handles file operations on the Sentry’s behalf, communicating over a restricted protocol. This means even the Sentry’s own file access is mediated.
Sixty-eight hours after take-off, they made it.
What follows is a proof of concept — not a finished standard, not a production-ready library, not even necessarily a concrete proposal for something new, but a starting point for discussion that demonstrates the problems with Web streams aren't inherent to streaming itself; they're consequences of specific design choices that could be made differently. Whether this exact API is the right answer is less important than whether it sparks a productive conversation about what we actually need from a streaming primitive.