{"id":15669135,"url":"https://github.com/crazystylus/containersandbox","last_synced_at":"2025-03-14T16:23:24.739Z","repository":{"id":112757752,"uuid":"217384979","full_name":"crazystylus/ContainerSandbox","owner":"crazystylus","description":"A sanbox deployable inside a container written in GoLang","archived":false,"fork":false,"pushed_at":"2019-10-24T20:12:39.000Z","size":6,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-10-30T08:07:05.634Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/crazystylus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-24T20:00:09.000Z","updated_at":"2024-03-15T17:39:08.000Z","dependencies_parsed_at":null,"dependency_job_id":"d4032cea-8278-4560-a0b1-3908d47f6d16","html_url":"https://github.com/crazystylus/ContainerSandbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazystylus%2FContainerSandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazystylus%2FContainerSandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazystylus%2FContainerSandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/crazystylus%2FContainerSandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/crazystylus","download_url":"https://codeload.github.com/crazystylus/ContainerSandbox/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243607579,"owners_count":20318424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-03T14:21:38.492Z","updated_at":"2025-03-14T16:23:24.717Z","avatar_url":"https://github.com/crazystylus.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sandbox\n## Description\nThis demonstarates deployment of a stable sandbox inside a running container for running untrusted codes and applications \u003cbr\u003e\nIf is meant to be used as a code judge base sandbox to be run inside a kubernetes pod or in a docker container\n\n## Breakdown\n1. Namespaces :- It uses the following namespace -\u003e UTS Namespace, Mount Namespace, IPC Namespace, PID Namespace and a Network Namespace\n2. CGroups :- It uses cpu, memory and pids cgroups to cut down fork bombs and memory and cpu eating malicious codes\n3. UnPriviledged user :- An unpriviledged user is used for compilation and execution of the programs\n4. *EXTRA* chroot :- Chroot support is there in case required, but it then needs a rootfs to switch to\n\n## Usage\nPrimarily it was tested on Podman v1.5.1 \u003cbr\u003e\nCopy Files to the git repo to a folder or pull in the container \u003cbr\u003e\n\u003cbr\u003e\n\u003cpre\u003e\n\u003e podman run -it --name gochk --cap-add=SYS_ADMIN -v /sandbox:/sandbox golang:alpine\n\u003e apk add openrc gcc libc-dev bash\n\u003e mkdir proc\n\u003e adduser sandbox # (uid and gid should be 1000 for this user)\n\u003e go build -o sandbox\n\u003e ./sandbox run 60 /bin/sh\n\u003c/pre\u003e\n## Benchmark\n### Adds 8ms latency per execution","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazystylus%2Fcontainersandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrazystylus%2Fcontainersandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrazystylus%2Fcontainersandbox/lists"}