使用虚拟文件系统在沙箱中运行 nodejs
[英]Run nodejs in sandbox with virtual filesystem
问题描述
I am working on a project of online python compiler.
我正在做一个在线 python 编译器的项目。 When user sends a python, Server will execute it.当用户发送 python 时,服务器将执行它。 What I want do is,create a sandbox with virtual filesystem, execute that script instide it, and that sandbox should far from real-server's filesystem, but nodejs should be able to control stdin and stdout of that sandbox.我想要做的是,创建一个带有虚拟文件系统的沙箱,在其中执行该脚本,并且该沙箱应该远离真实服务器的文件系统,但是 nodejs 应该能够控制该沙箱的 stdin 和 stdout。
How to make it possible?如何使它成为可能?
1 个解决方案
解决方案1
1 2020-01-12 08:43:33
Docker is a great way to sandbox things. Docker是沙箱事物的好方法。
You can run你可以跑
docker run --network none python:3
from your node.js server.来自您的 node.js 服务器。 Look at other switches of docker run to plug in as many security holes as possible.查看docker run 的其他开关以尽可能多地插入安全漏洞。
The shtick is, you run the docker command from your node.js server and pass the user's python code via stdin .关键是,您从 node.js 服务器运行 docker 命令并通过 stdin 传递用户的 python 代码。
Now, if your node.js server is on one machine and the sendbox should run on another machine, you tell docker to connect to the other machine using the DOCKER_HOST environment variable .现在,如果你的 node.js 服务器在一台机器上,而 sendbox 应该在另一台机器上运行,你告诉DOCKER_HOST使用DOCKER_HOST环境变量连接到另一台机器。
Docker containers wrap up the software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries — basically anything you can install on a server.
This might be worth to read https://instabug.com/blog/the-difference-between-virtual-machines-and-containers/这可能值得一读https://instabug.com/blog/the-difference-between-virtual-machines-and-containers/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.