backend.ai-jail

A programmable security sandbox for Backend.AI kernels

Github 星跟踪圖

Backend.ai-jail

A dynamic sandbox for Backend.Ai kernels.

Testing and Debugging

  • Requirements: Docker, make

As we provide all docker configurations to run this code with valid GOPATH, you don't have to place the cloned working copy somewhere special.

Just run make prepare-dev to build and create a development container based on Alpine Linux. Afterwards, you can docker start jail-dev and docker attach jail-dev to access its shell.

Inside the container, you can use go get, go build, and so on seamlessly.

To test the jail, run ./backend.ai-jail <policy-name> <command-args>. Note that this jail binary cannot be executed outside the container even though it exists inside the working copy, if you use different OS/architectures for the host (e.g., macOS).

To debug, add -debug flag to the command-line arguments.

Building Release Binaries

Run make manylinux for glibc-based binaries (for Ubuntu/Debian Linux) and make musllinux for musl-based binaries (for Alpine Linux).

On the target systems or images, you need to install libseccomp 2.2 or higher to use Sorna jail.

概況

主要編程語言Go
程式設計語言Makefile
許可證GNU Lesser General Public License v3.0
最後提交時間2019-01-17 18:49:34
創建於2017-03-28T05:40:55
推送於2021-05-17T06:50:44
Commits Count51
關注者數13
名稱與所有者lablup/backend.ai-jail
派生數1
星數6
問題數10
打開的問題數6
語言數3
拉請求數3
打開的拉請求數1
已啟用問題?
已啟用Wiki?
已存檔?
是派生?
已鎖定?
是鏡像?
是私有?
To the top