nsjail
extism
nsjail | extism | |
---|---|---|
6 | 47 | |
2,785 | 3,783 | |
1.2% | 3.6% | |
7.9 | 9.1 | |
3 months ago | 4 days ago | |
C++ | Rust | |
Apache License 2.0 | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nsjail
-
Server-side sandboxing: Containers and seccomp
So what's the difference between nsjail[1] and bubblewrap[2]?
[1] https://github.com/google/nsjail
- Firejail: Light, featureful and zero-dependency security sandbox for Linux
-
Sandboxing C++, Rust, Python Code?
I am currently working on a code execution engine (also written in Rust) which uses nsjail for sandboxing and gnu time for measuring time and memory usage under the hood. You can run arbitrary code simply using a rest api and there is also a client library for Rust. It can already run C++, Rust and Python (and a few other languages) while allowing you to specify multiple source files, environment variables, command line arguments, standard input and resource limits (e.g. time, memory, maximum number of processes and whether network access is allowed or not). After running the program, the engine reports exit codes, outputs (stdout and stderr) and the amount of resources the program used.
- WebAssembly: Adding Python Support to WASM Language Runtimes
- Notes on Running Containers with Bubblewrap
- Bubblewrap: Unprivileged Sandboxing Tool for Linux
extism
- Extism: Cross-language framework for building with WebAssembly
- Extism – make all software programmable. Extend from within
-
Faces.js, a JavaScript library for generating vector-based cartoon faces
Extism can be really useful for packaging up and running cross-language libraries!
The most clear information about it is at: https://extism.org, but its a bit focused on the primary use case for Extism, being a universal plugin system.
There is a C PDK (https://github.com/extism/c-pdk) which you'd probably want to use in a new wrapper around your library in C++, and compile it to wasm32 freestanding or WASI, but without emscripten. Extism doesn't currently have an interop layer to emscripten.
-
Show HN: Now my pet programming language can run in the browser
It may just be my own unique obsession to peek at the internals of .wasm, but if anyone else is curious:
https://modsurfer.dylibso.com/module?hash=ab6f4b2de9db171347...
u/nbittich - curious if you've tried to use your language as as a scripting language inside other apps? I took a peak at your browser wasm environment, and think we could hook up the `compute` entrypoint you have here[0], but I'm not certain what the `ctx` does without going super deep, and if it could be passed into an Extism function[1] (which is how I'd try to run it from within 16+ other languages).
[0]: https://github.com/nbittich/adana/blob/master/adana-script-w...
[1]: https://github.com/extism/extism
-
WebAssembly Playground
Yep, this is one of the initial motivations for creating Extism: https://github.com/extism/extism -- and it works across 16 host languages & 8 guest languages.
-
WASI 0.2.0 and Why It Matters
On the devx, there's definitely some rough edges around building and using Wasm. My company has been working on a framework to ease integrating Wasm into existing applications. One area it focuses on is providing easy data passing between the host program and the Wasm and vice versa. https://github.com/extism/extism We do not have WASI preview 2 support yet, but are interested in integrating it.
- Extism, the universal WASM framework, reaches 1.0
- Extism, the WebAssembly framework, hits 1.0
- Extism 1.0.0 Released
What are some alternatives?
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
wit-bindgen - A language binding generator for WebAssembly interface types
crosvm - The Chrome OS Virtual Machine Monitor - Mirror of https://chromium.googlesource.com/crosvm/crosvm/
WASI - WebAssembly System Interface
RIP - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
wasmtime - A fast and secure runtime for WebAssembly
wasmtime-py - Python WebAssembly runtime powered by Wasmtime
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
logkeys - :memo: :keyboard: A GNU/Linux keylogger that works!
jssc - Java library for talking to serial ports (with added build support for maven, cmake, MSVC)
sandkasten - Run untrusted code in an isolated environment
nodejs-snowflake - Generate time sortable 64 bits unique ids for distributed systems (inspired from twitter snowflake)