Yeuoly
e3298fb5cc
feat 0.2.2
|
il y a 1 an | |
|---|---|---|
| .github | il y a 1 an | |
| build | il y a 1 an | |
| cmd | il y a 1 an | |
| conf | il y a 1 an | |
| dependencies | il y a 1 an | |
| docker | il y a 1 an | |
| internal | il y a 1 an | |
| tests | il y a 1 an | |
| .gitignore | il y a 1 an | |
| README.md | il y a 1 an | |
| go.mod | il y a 1 an | |
| go.sum | il y a 1 an | |
| install.sh | il y a 1 an |
README.md
Dify-Sandbox
Requirements
sudo apt-get install pkg-config libseccomp-dev
Introduction
Dify-Sandbox offers a simple way to run untrusted code in a secure environment. It is designed to be used in a multi-tenant environment, where multiple users can submit code to be executed. The code is executed in a sandboxed environment, which restricts the resources and system calls that the code can access.
Stack
- Service: Gin
- Library: Go
- Sandbox: Seccomp
Principle
- Run
./build/build.shto build a Linux native binary file which contains the seccomp filter - A temp directory is created for each code execution
- Launch the code execution in a new process and set a chroot jail to restrict the access to the file system
- Set the seccomp filter using native library to restrict the system calls that the code can access
- Drop the privileges of the process to a non-root user which could not access any resource
- Execute the code and capture the output
For now, Dify-Sandbox supports syscalls below:
var allowedSyscalls = []int{
// file io, only write and close file descriptor
SYS_WRITE, SYS_CLOSE,
// thread, used to fasten the execution
SYS_FUTEX,
// memory, allocate and free memory
SYS_MMAP, SYS_BRK, SYS_MPROTECT, SYS_MUNMAP,
// user/group, used to drop the privileges
SYS_SETUID, SYS_SETGID,
// process
SYS_GETPID, SYS_GETPPID, SYS_GETTID,
SYS_EXIT, SYS_EXIT_GROUP,
SYS_TGKILL, SYS_RT_SIGACTION,
// time
SYS_CLOCK_GETTIME, SYS_GETTIMEOFDAY, SYS_TIME, SYS_NANOSLEEP,
SYS_EPOLL_CTL,
}