Ask HN: Whats State of the art for Code Sandboxing? (2024)
Im curious about running User Submitted code in a way that
* Protects the host system
* Protects the host network
* Lets me constrain allowed URLs
* Lets me constrain run time resources
* Lets me accept more than one language easily.
At a quick glance it seems like theres a healthy balance of recommendations from nested virtualization (QEMU inside a locked down docker host) and WASM (this can imply many architectures).
So HN, if you were to create a sandbox system. What would you reach for?
7 comments
[ 5.8 ms ] story [ 32.3 ms ] threadSo, I guess the rest of the owl is: what, if you had a magic wand, would you use such a system to run user submitted code to do?
So by nature you need to access the internet, but not the local network, and you need some file system access, but not much.
We also pay for cpu cycles, so preventing bitcoin mining is another one.
Basically do anything, but access our internal services, siphon out data in transit, mine bitcoin.
(Also before people say sandboxing wont solve all of this. I know. :P )
I particularly like the little benchmark you did on invocation time of native vs wasm vs firecracker vs docker.