nsjail
A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security. (by google)
| python-sandbox-wasm | nsjail | |
|---|---|---|
| 3 | 6 | |
| 20 | 2,797 | |
| - | 1.6% | |
| 4.0 | 7.9 | |
| 3 months ago | 3 months ago | |
| Python | C++ | |
| MIT License | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
python-sandbox-wasm
Posts with mentions or reviews of python-sandbox-wasm.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-31.
-
WebAssembly: Adding Python Support to WASM Language Runtimes
I've not yet figured out the incantations I need to actually do this - in particular the limits on CPU and memory time.
I posed this question on Mastodon recently and Jim Kring put together this demo, which gets most of the way there (albeit using an old Python 3.6 build): https://github.com/jimkring/python-sandbox-wasm
It doesn't feel like this should be as hard to figure out as it is!
- New Project: Call Untrusted Python Code from Python inside a Web Assembly “Sandbox”
nsjail
Posts with mentions or reviews of nsjail.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-10-24.
-
Server-side sandboxing: Containers and seccomp
So what's the difference between nsjail[1] and bubblewrap[2]?
[1] https://github.com/google/nsjail
- Firejail: Light, featureful and zero-dependency security sandbox for Linux
-
Sandboxing C++, Rust, Python Code?
I am currently working on a code execution engine (also written in Rust) which uses nsjail for sandboxing and gnu time for measuring time and memory usage under the hood. You can run arbitrary code simply using a rest api and there is also a client library for Rust. It can already run C++, Rust and Python (and a few other languages) while allowing you to specify multiple source files, environment variables, command line arguments, standard input and resource limits (e.g. time, memory, maximum number of processes and whether network access is allowed or not). After running the program, the engine reports exit codes, outputs (stdout and stderr) and the amount of resources the program used.
- WebAssembly: Adding Python Support to WASM Language Runtimes
- Notes on Running Containers with Bubblewrap
- Bubblewrap: Unprivileged Sandboxing Tool for Linux
What are some alternatives?
When comparing python-sandbox-wasm and nsjail you can also consider the following projects:
wasmtime-py - Python WebAssembly runtime powered by Wasmtime
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects