No management of write security

[Alecsou]

In "normal" Lambda images, only the tmp file is available for file writing. The rest is read-execute-only.

https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#:~:text=The%20container%20image%20must%20be%20able%20to%20run%20on%20a%20read%2Donly%20file%20system.%20Your%20function%20code%20can%20access%20a%20writable%20/tmp%20directory%20with%20between%20512%20MB%20and%2010%2C240%20MB%2C%20in%201%2DMB%20increments%2C%20of%20storage.

Could it be possible to add this kind of security to the RIE?

[valerena]

Hi @Alecsou . RIE only emulates the Lambda runtime API (and incoming request/response). In my opinion a limitation like that should be handled at the system level. And in the end, RIE gives the control to the execution to the corresponding underlying runtime, so RIE doesn't have much control of what happens at that level.

I'm open to discuss, if you have a different opinion.