How to run the sandbox program

Question

How to run the sandbox program

Q: Is there a way for the Go program sandbox?
A: Yes. See GAE w / Go or play.golang.org

How it's done?

In my particular case, I would like to allow untrusted extensions written in Go. I think the Go playground is exactly what I need. Is this an open source? Or is there at least some documentation on how to create such a service?

Note:

code.google.com/p/go-playground is the source of the Go Playground editor. But the sandbox is hidden behind POST until http://golang.org/compile?output=json .

+7

go sandbox

deft_code Feb 07 '13 at 20:26

source share

2 answers

Playground sandbox technology, AFAIK, is not open. One reason for this, I think, is that publicly disclosing implementation information would make any attempted attack much easier.

I would advise that if you copied your own sandbox, provide fake / empty / limited versions of the packages {unsafe, runtime, net, os, syscall} and disable GOMAXPROCS above 1. But the design should be adapted to your very definition of the sandbox. Is file access yes / no / limited? Is the network yes / no / limited? etc. Last but not least, you probably need to disable CGO, assembler code, and possibly even create tags.

Consider the above list.

+9

zzzz Feb 07 '13 at 20:57

source share

kristianp · Accepted Answer · 2014-04-23T09:55:33+0000

According to http://blog.golang.org/playground , the sandbox on the Go playground uses NaCl to limit CPU and RAM usage. The code for it was merged into version 1.3.

How to run the sandbox program

Note:

More articles: