0

backend.ai-jail

A programmable security sandbox for Backend.AI kernels

Github repo
Main metrics

Github stars Tracking Chart

Backend.ai-jail

A dynamic sandbox for Backend.Ai kernels.

Testing and Debugging

  • Requirements: Docker, make

As we provide all docker configurations to run this code with valid GOPATH,
you don't have to place the cloned working copy somewhere special.

Just run make prepare-dev to build and create a development container based
on Alpine Linux. Afterwards, you can docker start jail-dev and docker attach jail-dev to access its shell.

Inside the container, you can use go get, go build, and so on seamlessly.

To test the jail, run ./backend.ai-jail <policy-name> <command-args>.
Note that this jail binary cannot be executed outside the container even though
it exists inside the working copy, if you use different OS/architectures for
the host (e.g., macOS).

To debug, add -debug flag to the command-line arguments.

Building Release Binaries

Run make manylinux for glibc-based binaries (for Ubuntu/Debian Linux) and
make musllinux for musl-based binaries (for Alpine Linux).

On the target systems or images, you need to install libseccomp 2.2 or higher
to use Sorna jail.

Overview

Name With Ownerlablup/backend.ai-jail
Primary LanguageRust
Program languageMakefile (Language Count: 4)
Platform
License:GNU Lesser General Public License v3.0
Release Count1
Last Release Name0.1.0 (Posted on 2023-08-29 06:03:34)
First Release Name0.1.0 (Posted on 2023-08-29 06:03:34)
Created At2017-03-28 05:40:55
Pushed At2023-11-06 07:48:09
Last Commit At
Stargazers Count7
Watchers Count15
Fork Count2
Commits Count64
Has Issues Enabled
Issues Count13
Issue Open Count8
Pull Requests Count10
Pull Requests Open Count2
Pull Requests Close Count12
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private
To the top