| | nsjail | sandkasten |
|---|---|---|
| | 6 | 1 |
| Stars | 2,785 | 23 |
| Growth | 1.2% | - |
| Activity | 7.9 | 9.3 |
| | 3 months ago | 4 days ago |
| Language | C++ | Rust |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nsjail
- Server-side sandboxing: Containers and seccomp
So what's the difference between nsjail[1] and bubblewrap[2]?
[1] https://github.com/google/nsjail
- Firejail: Light, featureful and zero-dependency security sandbox for Linux
- Sandboxing C++, Rust, Python Code?
I am currently working on a code execution engine (also written in Rust) which uses nsjail for sandboxing and GNU time for measuring time and memory usage under the hood. You can run arbitrary code simply using a REST API and there is also a client library for Rust. It can already run C++, Rust and Python (and a few other languages) while allowing you to specify multiple source files, environment variables, command line arguments, standard input and resource limits (e.g. time, memory, maximum number of processes and whether network access is allowed or not). After running the program, the engine reports exit codes, outputs (stdout and stderr) and the amount of resources the program used.
- WebAssembly: Adding Python Support to WASM Language Runtimes
- Notes on Running Containers with Bubblewrap
- Bubblewrap: Unprivileged Sandboxing Tool for Linux
sandkasten
- Sandboxing C++, Rust, Python Code?
The code is available on GitHub (https://github.com/Defelo/sandkasten) and there is also a link to a public test instance in the readme. Feel free to let me know if this is useful to you or if something is unclear. Any kind of feedback is appreciated!
What are some alternatives?
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
deadnix - Scan Nix files for dead code
crosvm - The Chrome OS Virtual Machine Monitor - Mirror of https://chromium.googlesource.com/crosvm/crosvm/
forkfs - ForkFS allows you to sandbox a process's changes to your file system.
RIP - Free, Open-Source, Cross-platform agent and Post-exploitation tool written in Golang and C++.
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
wasmtime-py - Python WebAssembly runtime powered by Wasmtime
lanzaboote - Secure Boot for NixOS [maintainers=@blitz @raitobezarius @nikstur]
logkeys - A GNU/Linux keylogger that works!
wasmtime - A fast and secure runtime for WebAssembly
wasmer-python - 🐍🕸 WebAssembly runtime for Python
utoipa - Simple, Fast, Code first and Compile time generated OpenAPI documentation for Rust