A dynamic sandbox for Backend.Ai kernels.
Testing and Debugging ¶
- Requirements: Docker, make
As we provide all docker configurations to run this code with valid GOPATH, you don't have to place the cloned working copy somewhere special.
make prepare-dev to build and create a development container based
on Alpine Linux. Afterwards, you can
docker start jail-dev and
attach jail-dev to access its shell.
Inside the container, you can use
go build, and so on seamlessly.
To test the jail, run
./backend.ai-jail <policy-name> <command-args>.
Note that this jail binary cannot be executed outside the container even though
it exists inside the working copy, if you use different OS/architectures for
the host (e.g., macOS).
To debug, add
-debug flag to the command-line arguments.
Building Release Binaries ¶
make manylinux for glibc-based binaries (for Ubuntu/Debian Linux) and
make musllinux for musl-based binaries (for Alpine Linux).
On the target systems or images, you need to install libseccomp 2.2 or higher to use Sorna jail.