Public | Automated Build

Last pushed: 2 years ago
Short Description
sandbox the compilation and execution of source code or scripts
Full Description

What is Sandbox-Run

This is part of a FYP project and is for educational use.

Sandbox-Run aims to sandbox the compilation and excution of source code or scripts. Being run inside Docker, this makes Sandbox-Run cross-platform.

Sandbox-Run can be used in an Online Judge System, facilitates high protection against dangerous code. Or it can just be used to compile and run untrusted code or scripts.

Link to Docker Hub Repo

Link to Bitbucket Wiki Page

Link to Bitbucket Issue Tracker

Usage

$ docker run [docker-run-options] tomlau10/sandbox-run [options] <executable> [args]

For detailed reference, please visit Bitbucket Wiki Page

Technology

Sandbox-Run is written in C language for efficiency concern

  • Uses ptrace to monitor the <executable>
  • Uses libseccomp to block potentially dangerous system call

Built on the alpine:edge docker image which has minimal size.

Then pre-installed a few compilers and interpreters:

  • gcc
  • nodejs
  • python
  • ruby

Development

To compile and build:

The binary should be built inside the Alpine Linux container. build.sh is prepared for compiling the binary, building the image locally and removing untagged docker images in one step.

$ ./build.sh

For more details of the building process, please refer to the Dockerfile.

Docker Pull Command
Owner
tomlau10
Source Repository