Ye Lin's Random stuff

Submitted by Style Pass, 2025-07-31 14:00:11

It has been a really long time since I last wrote something here as life happens, things get busier, etc etc. I am now trying to get back into writing things down and here we go!

So, imagine a tool or a service that allows you to run some arbitrary code via a shell, either through SSH or, more commonly, via a web terminal. How do these tools isolate your code from other people’s code and vice versa? How come you cannot see other people’s code or processes?

The first thing you are probably thinking, in 2025, is “Docker”. Each console must be running in its own container, right? Very likely you are right. That’s what I’d think too.

But if these containers are all sharing the same operating system kernel, is that always sufficient, especially for untrusted code?

When you run a container (let’s say ubuntu) without any modifications or changes on a Linux host, it shares the same kernel as the host OS.
