What is Sandbox-Run
This is part of a FYP project and is for educational use.
Sandbox-Run aims to sandbox the compilation and excution of source code or scripts. Being run inside Docker, this makes Sandbox-Run cross-platform.
Sandbox-Run can be used in an Online Judge System, facilitates high protection against dangerous code. Or it can just be used to compile and run untrusted code or scripts.
Link to Docker Hub Repo
Link to Bitbucket Wiki Page
Link to Bitbucket Issue Tracker
$ docker run [docker-run-options] tomlau10/sandbox-run [options] <executable> [args]
For detailed reference, please visit Bitbucket Wiki Page
Sandbox-Run is written in C language for efficiency concern
- Uses ptrace to monitor the
- Uses libseccomp to block potentially dangerous system call
Built on the alpine:edge docker image which has minimal size.
Then pre-installed a few compilers and interpreters:
To compile and build:
The binary should be built inside the Alpine Linux container.
build.sh is prepared for compiling the binary, building the image locally and removing untagged docker images in one step.
For more details of the building process, please refer to the