This is a sandbox running on Linux. It's based on the seccomp and setrlimit APIs.
With this you can run a guest executable and:
- Use seccomp rules to control the guest's system calls
- Limit resources
  - Time (both CPU time and real time)
  - Memory
  - Output size (when stdout is redirected to a file)
- Redirect stdin and stdout of the guest
- Pass custom arguments and environment variables
- Log basic information about the guest
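A minimal sketch of the two kernel mechanisms named above, a CPU-time rlimit plus a seccomp filter applied to a forked guest. It is an added illustration, not this project's source: `run_guest`, `deny_syscall` and the `guest_*` functions are hypothetical names, and the filter is a raw BPF deny rule for one syscall rather than a libseccomp policy.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed guests standing in for an untrusted executable. */
static void guest_quiet(void)  { }
static void guest_spin(void)   { volatile unsigned long n = 0; for (;;) n++; }
static void guest_getpid(void) { syscall(SYS_getpid); }

/* Kill the caller on syscall `nr`, allow the rest (real policy: allow-list + arch check). */
static int deny_syscall(int nr)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { sizeof prog / sizeof prog[0], prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Fork, confine the child (rlimit first, seccomp last), then run the guest.
 * Returns the fatal signal, 0 on clean exit, -1 if setup or wait failed. */
int run_guest(rlim_t cpu_seconds, int denied_nr, void (*guest)(void))
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* soft < hard: SIGXCPU at the soft limit, SIGKILL at the hard limit as a backstop */
        struct rlimit rl = { cpu_seconds, cpu_seconds + 1 };
        if (setrlimit(RLIMIT_CPU, &rl) != 0) _exit(1);
        if (denied_nr >= 0 && deny_syscall(denied_nr) != 0) _exit(1);
        guest();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    return WEXITSTATUS(status) == 0 ? 0 : -1;
}
```

The parent tells the two outcomes apart by the terminating signal: `SIGXCPU` for a guest that exceeds its CPU time and `SIGSYS` for one that makes the denied system call.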
- Linux kernel 2.8+ (Confirmed OK on 5.10)
- GCC 6+ (Confirmed OK on 6.3.0)

libseccomp is required to compile
- On Debian&Ubuntu:
$ sudo apt-get install libseccomp-dev libseccomp2 seccomp
- On CentOS&RHEL:
$ sudo yum -y install libseccomp
- Or you can compile from source
  Go to seccomp/libseccomp for information
Clone this repo
$ git clone
Make and install it (to /usr/bin/)
$ cd sandbox
$ make
$ sudo make install
Now you can run it
$ sandbox
It's recommended to quote arguments to avoid problems with special characters in the string, such as = and ;
$ sudo sandbox -p"./tests/helloworld" -a"1,2,3,4" -e"USER=bakaft;VERSION=1.0"
$ sudo sandbox --exe_path=./tests/helloworld --exe_args=1,2,3,4 --exe_envs="USER=bakaft;VERSION=1.0"
Thanks to these projects for inspiration
Thanks to these projects for providing useful code