ia-sandbox | Infoarena sandbox for running user submitted code
kandi X-RAY | ia-sandbox Summary
kandi X-RAY | ia-sandbox Summary
ia-sandbox is a Rust library. ia-sandbox has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitLab.
ia-sandbox is a command line utility allowing you to run untrusted code, such as the one submitted by users on websites like [Codeforces] [Topcoder] or the website it was designed for [Infoarena] with certain limits for time (both user time and wall time), memory and number of processes while also collecting runtime information and exit status. It uses modern linux tools and as such requires a relatively new kernel: * [cgroups v1] - a linux kernel feature for limiting, accounting and isolating resource usage of a collection of proceeses * cpuacct - for precise user time usage and limits, requires a 64-bit computer for proper precision. Requires linux kernel ≥ 2.6.24 * memory - for memory usage and limits. Requires linux kernel ≥ 2.6.24 * pids - for limiting the number of processes, necessary for protection against fork bombs. Requires linux kernel ≥ 4.3 * [linux namespaces] - another linux kernel feature for isolating resources on the system * mount - for isolating mountpoints, the isolated application will only see itself and whatever the caller desides to mount next to it. Requires linux kernel ≥ 2.4.19 * ipc - for ipc isolation. Requires linux kernel ≥ 2.6.19 * uts - for uts isolation. Requires linux kernel ≥ 2.6.19 * pid - for isolating processes, the sandboxed application will see itself as the only running process on the entire system. Requires linux kernel ≥ 2.6.24 * network - for isolating network interfaces, the application can not make any changes to network, or see external changes. Requires linux kernel ≥ 2.6.24 * user namespaces - for isolating the user id and group id. The isolated application will see itself as root inside the sandbox, and as having all capabilities but for the purpose of accessing resources it will actually be the user id of sandbox owner, greatly limiting whatever power or exploit the application can do. Requires linux kernel ≥ 3.5, but for proper security it is better for it to ≥ 3.9 * cgroup - for isolating cgroups, to not allow the sandboxed application to change its own limits or usage. Requires linux kernel ≥ 4.6. Since all of these features need to be active, the minimum required version is 4.6.
ia-sandbox is a command line utility allowing you to run untrusted code, such as the one submitted by users on websites like [Codeforces] [Topcoder] or the website it was designed for [Infoarena] with certain limits for time (both user time and wall time), memory and number of processes while also collecting runtime information and exit status. It uses modern linux tools and as such requires a relatively new kernel: * [cgroups v1] - a linux kernel feature for limiting, accounting and isolating resource usage of a collection of proceeses * cpuacct - for precise user time usage and limits, requires a 64-bit computer for proper precision. Requires linux kernel ≥ 2.6.24 * memory - for memory usage and limits. Requires linux kernel ≥ 2.6.24 * pids - for limiting the number of processes, necessary for protection against fork bombs. Requires linux kernel ≥ 4.3 * [linux namespaces] - another linux kernel feature for isolating resources on the system * mount - for isolating mountpoints, the isolated application will only see itself and whatever the caller desides to mount next to it. Requires linux kernel ≥ 2.4.19 * ipc - for ipc isolation. Requires linux kernel ≥ 2.6.19 * uts - for uts isolation. Requires linux kernel ≥ 2.6.19 * pid - for isolating processes, the sandboxed application will see itself as the only running process on the entire system. Requires linux kernel ≥ 2.6.24 * network - for isolating network interfaces, the application can not make any changes to network, or see external changes. Requires linux kernel ≥ 2.6.24 * user namespaces - for isolating the user id and group id. The isolated application will see itself as root inside the sandbox, and as having all capabilities but for the purpose of accessing resources it will actually be the user id of sandbox owner, greatly limiting whatever power or exploit the application can do. Requires linux kernel ≥ 3.5, but for proper security it is better for it to ≥ 3.9 * cgroup - for isolating cgroups, to not allow the sandboxed application to change its own limits or usage. Requires linux kernel ≥ 4.6. Since all of these features need to be active, the minimum required version is 4.6.
Support
Quality
Security
License
Reuse
Support
ia-sandbox has a low active ecosystem.
It has 0 star(s) with 0 fork(s). There are no watchers for this library.
It had no major release in the last 6 months.
ia-sandbox has no issues reported. There are no pull requests.
It has a neutral sentiment in the developer community.
The latest version of ia-sandbox is current.
Quality
ia-sandbox has no bugs reported.
Security
ia-sandbox has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
License
ia-sandbox is licensed under the MIT License License. This license is Permissive.
Permissive licenses have the least restrictions, and you can use them in most projects.
Reuse
ia-sandbox releases are not available. You will need to build from source code and install.
Installation instructions, examples and code snippets are available.
Top functions reviewed by kandi - BETA
kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of ia-sandbox
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of ia-sandbox
ia-sandbox Key Features
No Key Features are available at this moment for ia-sandbox.
ia-sandbox Examples and Code Snippets
No Code Snippets are available at this moment for ia-sandbox.
Community Discussions
No Community Discussions are available at this moment for ia-sandbox.Refer to stack overflow page for discussions.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install ia-sandbox
The binary name is ia-sandbox. The easiest way to install this is using cargo the package manager for [Rust](https://www.rust-lang.org/). * The minimum supported version of Rust for ia-sandbox is 1.27.0, altough ia-sandbox might work with older versions. For actual isolation it is best to change the root of the sandbox (using -r or --new-root). This will unmount everything, except for /proc which is necessary, and is already only showing the isolated process. If you would like to explore the inside of the sandbox an easy way would be.
Support
For any new features, suggestions and bugs create an issue on GitLab.
If you have any questions check and ask questions on community page Stack Overflow .
Find more information at:
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
