Reputation: 43
Run nodejs in sandbox with virtual filesystem
I am working on a project of online python compiler. When user sends a python, Server will execute it. What I want do is,create a sandbox with virtual filesystem, execute that script instide it, and that sandbox should far from real-server's filesystem, but nodejs should be able to control stdin and stdout of that sandbox.
How to make it possible?
Upvotes: 0
Views: 489
Answers (1)
Reputation: 6038
Docker is a great way to sandbox things.
You can run
docker run --network none python:3
from your node.js server. Look at other switches of docker run to plug in as many security holes as possible.
The shtick is, you run the docker command from your node.js server and pass the user's python code via stdin.
Now, if your node.js server is on one machine and the sendbox should run on another machine, you tell docker to connect to the other machine using the DOCKER_HOST environment variable.
Docker containers wrap up the software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries — basically anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in.
This might be worth to read https://instabug.com/blog/the-difference-between-virtual-machines-and-containers/
Upvotes: 1
Related Questions
- how to install node's file system in a vanilla project
- How can I use Node.js with the filesystem to map a fake drive?
- Node file system
- Load node modules from virtual file system
- Nodejs in sandbox
- Nodejs fs | Error: ENOTDIR: not a directory
- nodejs: run module in sandbox
- Embedded node/javascript sandbox?
- node.js file system problems
- Creating a customized sandbox in node.js (Can only read in a certain directory, and cannot write anywhere)