Small towns "try something new": purchasing agents set up shop on the doorstep | Reporters at Chinese New Year

Source: user资讯

The spec does not mandate buffer limits for tee(). And to be fair, the spec allows implementations to implement the actual internal mechanisms for tee() and other APIs in any way they see fit so long as the observable normative requirements of the specification are met. But if an implementation chooses to implement tee() in the specific way described by the streams specification, then tee() will come with a built-in memory management issue that is difficult to work around.

Defense in depth on top of gVisor

gVisor gives you the user-space kernel boundary. What it does not give you automatically is multi-job isolation within a single gVisor sandbox. If you are running multiple untrusted executions inside one runsc container, you still need to layer additional controls. Here is one pattern for doing that:


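Article 5: People's governments at or above the county level shall strengthen organizational leadership over administrative law enforcement supervision, study and plan administrative law enforcement supervision work, and support and ensure that administrative law enforcement supervision bodies effectively perform their duties.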

"Working like a ghost": why Taiwan's foreign migrant workers fall into "forced labor" conditions

"Tech guy" sets up three security walls