25 releases (8 stable)
1.3.3 | Sep 24, 2024 |
---|---|
1.3.2 | May 11, 2024 |
1.3.1 | Mar 11, 2023 |
1.3.0 | Jun 7, 2022 |
0.1.2 | Nov 30, 2019 |
#316 in Filesystem
92 downloads per month
68KB
1.5K
SLoC
tabox
A minimal program to securely execute untrusted executables in a sandboxed environment.
Featres:
- measure and limit accurately the usage of the following resources:
- CPU time in nanoseconds (both user, system)
- memory usage (maximum residente set size - RSS) in bytes
- wall time
- doesn't require root privileges (altough it requires user namespaces enabled, something that some distributions disable by default)
- dedicated filesystem for the sandbox with the possibility to bind-mount directories on the local filesyste, both read-only and read-write
- works also on macOS, altough in that system no real sandboxing is done and some features are not available (e.g. bind mounts)
This sandbox is currently used by task-maker-rust to securely execute user submissions.
License: MPL-2.0
Dependencies
~4–14MB
~191K SLoC