Investigate use of Dockr as back-end for code execution
Based on their experiences with Dockr, both Lennart and Eelco have recommended that Dockr not be used for this application (yet). Dockr is an abstraction layer on top of Linux containers but this abstraction layer is not mature/stable enough and any non-standard setups are very difficult to realize. Additionally, security of Dockr containers is not guaranteed, root access to a guest can still expose the host system. Additionally, proper security requires use of SeLinux, Apparmor or something similar. More so, there appear to be issues with the volatile file system recommended by Dockr. Scalability and maintainability is also an issue whereby created a container for every execution may be a problem. Instead a session-sharing scheme should be deployed but this violates our determinism of grade criteria.
Log in to post comments