so user gets all of the dependencies and apps in userspace to run as well? but each of the command runs in its own more secure shell of some sorts?
so user gets all of the dependencies and apps in userspace to run as well? but each of the command runs in its own more secure shell of some sorts?
Correct, your PATH resolves to your local tools as if it was unprotected bash, but syscalls are filtered/virtualized
from a utilitarian perspective, can we swap this instead of a e2b or some other provider? since this doesnt require n number of micrvovm kernals and rootfs hanging round?
Exactly, that’d be the intention. For compute-heavy or long running jobs you’d still probably want a dedicated VM like on E2B but for quick stuff, bVisor