Top 10 Go Sandbox Projects
-
If you think about it, virtualization is just a narrowing of the application-kernel interface. In a standard setting the application has a wide kernel interface available to it with dozens (ex. seccomp) to 100s of syscalls. A vulnerability in any one of which could result in complete system compromise.
With virtualization the attack surface is narrowed to pretty much just the virtualization interface.
The problem with current virtualization (or more specifically, the VMMs) is that it can be cumbersome, for example memory management is a serious annoyance. The kernel is built to hog memory for cache and etc. but you don't want the guest to be doing that - since you want to overcommit memory as guests will rarely use 100% of what is given to them (especially when the guest is just a jailed singular application), workarounds such as free page reporting and drop_caches hacks exist.
I would expect eventually to see high performance custom kernels for application jails - for example: gVisor[1] acts as a syscall interceptor (and can use KVM too!) and a custom kernel. Or a modified Linux kernel with patched pain points for the guest.
[1] <https://gvisor.dev/>
-
Project mention: Codapi – Interactive code examples for documentation, education and fun | news.ycombinator.com | 2024-04-29
-
Nanos is the actual kernel while ops (https://ops.city) is the build/deploy tool. I presume you're asking if this is doing "orchestration" - that is more of a container term. These get deployed as actual VMs so all the orchestration stuff is performed by the cloud.
-
eBPF-Guide
eBPF (extended Berkeley Packet Filter) Guide. Learn all about the eBPF Tools and Libraries for Security, Monitoring, and Networking.
-
Project mention: Show HN: Open-source SDK for creating custom code interpreters with any LLM | news.ycombinator.com | 2024-04-19
We'll have nice and easy support for self-hosting soon-ish.
In the meantime, everything is open-source and the infra is codified with Terraform. GCP should have the best support now. If you want to dig into it, we'd love to give you support along the road so we can improve the process.
Our infra repo [0] is a good place to start. Once you have E2B deployed, you can just change E2B_DOMAIN env var and use our SDK.
Feel free to email me, join our Discord, or open an issue if you have any questions.
[0] https://github.com/e2b-dev/infra
-
nomad-pledge-driver
Nomad task driver capable of blocking unwanted syscall and filesystem access. Based on the pledge utility for Linux by Justine Tunney
https://github.com/shoenig/nomad-pledge-driver
-
Go Sandbox discussion
Go Sandbox related posts
-
Syd the perhaps most sophisticated sandbox for Linux
-
We Improved the Performance of a Userspace TCP Stack in Go by 5X
-
Codapi – Interactive code examples for documentation, education and fun
-
Nanos – A Unikernel
-
Codapi: Interactive code examples for documentation, education and fun
-
Google/Gvisor: Application Kernel for Containers
-
GVisor: OCI Runtime with Application Kernel
Index
What are some of the best open-source Sandbox projects in Go? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | gvisor | 15,544 |
2 | codapi | 1,458 |
3 | OPS | 1,264 |
4 | pipecd | 1,060 |
5 | eBPF-Guide | 523 |
6 | nomad-driver-podman | 227 |
7 | infra | 174 |
8 | host-spawn | 109 |
9 | nomad-pledge-driver | 22 |
10 | kira | 18 |