Kernel

VM is the virtualisation of a computer system. It can fully simulate a complete operating system which included the Kernel#, system libraries, applications etc. The implementation of VM usually involves the underlying computer architecture such as hardware, specialised software and so on.

System #202202211633 simulate a full-fledge operating system, included the Kernel#, system libraries and the targeted application to be contained, on top the containment facilities provided by the underlying host kernel. It is quite similar to 202204071131 but used only the kernel facilities.

Shell is a #Program that sits between user and the Kernel# which act like a command line interpreter. It will read commands from the user and execute them.

LSM is a #202204081225 framework that allows modules mediates the access to internal objects in the Kernel. To do so, they place hooks in the kernel code just before the access happen. They will impose several checks against access to see whether the request is valid and legal. LSM provides MAC-based controls without modifying the kernel.

Linux is a #free and #open source Kernel# based on Unix, first initiated and developed by Linus Torvalds. Most of the time, Linux is coupled alongside with GNU utilities to compose a complete operating system which are contributed by Richard Stallman and Free Software Foundation (FSF) where they prefer to refer such combination as GNU/Linux or GNU+Linux.

select() system call, receiving either three file descriptor sets (described below) including read, write and exceptional file descriptor sets, allows the user process to instruct the Kernel to wait for either reading, writing, or exceptional I/O events to happen and to wake up the process only when one of these events occur. The first argument for select() should be the highest-numbered file descriptor (numfds) to be tested in any of passed three sets plus 1. With this system call, we can monitor several sockets (up until the limit numfds) via their File Descriptor# at the same time to see which one is ready for reading, which one is ready for writing etc. in a non-blocking manner. Meaning, the process will only be notified when the data is readily available for reading from either socket. An example usage of select() is shown below:

Because of this, container is more lightweight, has faster startup and uses less memory than 202204071131. However, since containers share the same underlying Kernel#, they are less secure than virtual machine.