https://github.com/lablup/backend.ai-jail

A programmable security sandbox for Backend.AI kernels
https://github.com/lablup/backend.ai-jail

backendai jail sandboxing

Last synced: 2 months ago
JSON representation

A programmable security sandbox for Backend.AI kernels

• Host: GitHub
• URL: https://github.com/lablup/backend.ai-jail
• Owner: lablup
• License: lgpl-3.0
• Created: 2017-03-28T05:40:55.000Z (over 8 years ago)
• Default Branch: main
• Last Pushed: 2024-05-30T06:06:56.000Z (over 1 year ago)
• Last Synced: 2025-06-03T18:16:04.234Z (4 months ago)
• Topics: backendai, jail, sandboxing
• Language: Rust
• Homepage:
• Size: 118 KB
• Stars: 8
• Watchers: 15
• Forks: 2
• Open Issues: 11
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Backend.AI Jail

A dynamic sandbox for Backend.AI kernels.

## Testing and Debugging

* Requirements: Docker, make

Just run `make prepare-dev` to build and create a development container based

on Ubuntu.  Afterwards, you can `docker start jail-dev` and `docker

attach jail-dev` to access its shell.

Inside the container, run `cargo build`. This will build our backend.ai-jail.

To test the jail, run `target/debug/backendai-jail [--policy ] `.

Note that this jail binary cannot be executed outside the container even though

it exists inside the working copy, if you use different OS/architectures for

the host (e.g., macOS).

To debug, add `--debug` flag to the command-line arguments.

## Building Release Binaries

Run `make ubuntu` for glibc-based binaries (for Ubuntu/Debian Linux) and

`make alpine3.8` for musl-based binaries (for Alpine Linux). Check Makefile for more informations.

On the target systems or images, you need to install libseccomp 2.2 or higher

to use Backend.AI Jail.