https://github.com/xmc-dev/isowrap
Library for running programs safely isolated from the rest of the system
https://github.com/xmc-dev/isowrap
containers freebsd golang isolate jails linux
Last synced: 3 months ago
JSON representation
Library for running programs safely isolated from the rest of the system
- Host: GitHub
- URL: https://github.com/xmc-dev/isowrap
- Owner: xmc-dev
- License: isc
- Archived: true
- Created: 2017-06-12T18:56:29.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2018-01-23T19:49:11.000Z (over 8 years ago)
- Last Synced: 2025-10-09T07:58:23.102Z (7 months ago)
- Topics: containers, freebsd, golang, isolate, jails, linux
- Language: Go
- Homepage:
- Size: 247 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Isowrap
[](https://travis-ci.org/xmc-dev/isowrap)
[](https://coveralls.io/github/xmc-dev/isowrap)
[](https://godoc.org/github.com/xmc-dev/isowrap)
Isowrap is a library used to execute programs isolated from the rest of the system.
It is a wrapper around Linux Containers (using [isolate](https://github.com/ioi/isolate)) and FreeBSD [jails](https://www.freebsd.org/doc/handbook/jails.html) (WIP).
This is probably alpha quality software.
## To do:
- [x] Linux isolate runner
- [x] Full env
- [x] FreeBSD jail runner
- [ ] DOES NOT COMPILE - breaking changes
- [x] Implement "proper" wall time limit.
- [x] Stack limit
- [x] Maximum number of processes
- [ ] Enable/Disable networking
- [x] Environment variables
## Platform specific requirements
### Linux (`isolate`)
See the [INSTALLATION](https://github.com/ioi/isolate/blob/master/isolate.1.txt#L254-L280) part of the isolate manual. Control groups are required, make sure that they are enabled and `cgroupfs` is mounted.
### FreeBSD (`jail`)
Enable kernel `racct` support by adding the following line to `/etc/loader.conf`:
```
kern.racct.enable=1
```