wasmtime-py
nsjail
Our great sponsors
wasmtime-py | nsjail | |
---|---|---|
3 | 6 | |
366 | 2,785 | |
3.9% | 2.3% | |
7.6 | 7.9 | |
1 day ago | 3 months ago | |
Python | C++ | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wasmtime-py
- another 4x to 5x speed up in calling #WASM #WebAssembly from python is on the horizon
-
WebAssembly: Adding Python Support to WASM Language Runtimes
Wasmtime's `wasmtime-py` embedding in python has support for Wasm Components: https://github.com/bytecodealliance/wasmtime-py#components (disclosure, I helped create it)
The remaining piece of the puzzle would be to create a wit-bindgen guest generator https://github.com/bytecodealliance/wit-bindgen#guests for this build of the python interpreter. You could then seamlessly call back and forth between the host and guest pythons, without even knowing that wasmtime is under the hood.
nsjail
-
Server-side sandboxing: Containers and seccomp
So what's the difference between nsjail[1] and bubblewrap[2]?
[1] https://github.com/google/nsjail
- Firejail: Light, featureful and zero-dependency security sandbox for Linux
-
Sandboxing C++, Rust, Python Code?
I am currently working on a code execution engine (also written in Rust) which uses nsjail for sandboxing and gnu time for measuring time and memory usage under the hood. You can run arbitrary code simply using a rest api and there is also a client library for Rust. It can already run C++, Rust and Python (and a few other languages) while allowing you to specify multiple source files, environment variables, command line arguments, standard input and resource limits (e.g. time, memory, maximum number of processes and whether network access is allowed or not). After running the program, the engine reports exit codes, outputs (stdout and stderr) and the amount of resources the program used.
- WebAssembly: Adding Python Support to WASM Language Runtimes
- Notes on Running Containers with Bubblewrap
- Bubblewrap: Unprivileged Sandboxing Tool for Linux
What are some alternatives?
python-wasi - Utilities for building CPython for the WASI platform
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
pywasm3 - Python bindings for Wasm3, a fast WebAssembly interpreter and the most universal WASM runtime
crosvm - The Chrome OS Virtual Machine Monitor - Mirror of https://chromium.googlesource.com/crosvm/crosvm/
empack - Tools to pack a conda / mamba environment into a JS & WASM bundle
RIP - Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++.
extism - The framework for building with WebAssembly (wasm). Easily load wasm modules, move data, call functions, and build extensible apps.
logkeys - :memo: :keyboard: A GNU/Linux keylogger that works!
python-sandbox-wasm
sandkasten - Run untrusted code in an isolated environment
wasmer-python - 🐍🕸 WebAssembly runtime for Python