For security and simplicity, some operating environments are configured to run applications in discrete sandboxes such as containers or virtual machines that isolate the applications from each other and from the physical hardware. The applications may interact with resources outside of the sandbox, such as the physical hardware (e.g., processors, memory, storage, I/O, etc.), via an intermediary at a lower level of the hierarchy. One example of such an intermediary is an operating system kernel. A kernel may receive instructions (i.e., system calls) from an application at an Application Programming Interface (API) of the kernel. The kernel executes the system call and returns any results to the application.
Throughout the drawings, identical reference numbers may designate similar, but not necessarily identical elements.