backend.ai-jail

command module
v0.0.0-...-43dac14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 6, 2021 License: LGPL-3.0 Imports: 13 Imported by: 0

README

Backend.ai-jail

A dynamic sandbox for Backend.Ai kernels.

Testing and Debugging

  • Requirements: Docker, make

As we provide all docker configurations to run this code with valid GOPATH, you don't have to place the cloned working copy somewhere special.

Just run make prepare-dev to build and create a development container based on Alpine Linux. Afterwards, you can docker start jail-dev and docker attach jail-dev to access its shell.

Inside the container, you can use go get, go build, and so on seamlessly.

To test the jail, run ./backend.ai-jail <policy-name> <command-args>. Note that this jail binary cannot be executed outside the container even though it exists inside the working copy, if you use different OS/architectures for the host (e.g., macOS).

To debug, add -debug flag to the command-line arguments.

Building Release Binaries

Run make manylinux for glibc-based binaries (for Ubuntu/Debian Linux) and make musllinux for musl-based binaries (for Alpine Linux).

On the target systems or images, you need to install libseccomp 2.2 or higher to use Sorna jail.

Documentation

Overview

Command-line usage: 

./jail <child_args ...>  // use default policy
./jail -policy <policy_file> <child_args ...>

Example: 

./jail -policy python3.yml /bin/sh /home/backend.ai/run.sh

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.