How to run a process in an isolated environment?
My goal is to run code in a completely isolated environment.
I want to execute, for example, the command python main.py
and be sure that the running process:
a) Will be limited in memory, processor and I/O (cgroups)
b) Will not have access to the Internet.
c) Will not be able to write anything anywhere.
d) Will not be able to get root, will not be able to know anything about other processes
I know about docker and similar technologies, but I want to run from the host, without the overhead of docker run and so on.
Am I reinventing the wheel or have I not found a suitable solution?
Answer the question
No. There are plenty of process isolation systems, starting with chroot, all with different levels of decoupling the process from the system/hardware; they must be studied and selected. systemd-nspawn may well be enough for you.
Maybe LXC containers are right for you?
Docker containers used to be built on top of them.
I saw people work with them directly at one company for stands (including sales).
- an absolutely empty image without anything ... and, for example, run your static binary in it (for example, in Golang or in C++)
https://habr.com/ru/post/460535/
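One way to map requirements a) to d) from the question onto the systemd-nspawn suggested in the first answer, as an added example that is not part of the original thread. The root filesystem path, the limit values and the run_isolated helper are assumptions; the directory must already contain the interpreter or static binary to run.

```shell
#!/bin/sh
# Added example (not from the thread): build a systemd-nspawn command line
# covering requirements a)-d). Paths, limits and the payload are assumptions.

# run_isolated ROOTFS MEM CPU_PERCENT CMD [ARGS...]
# With DRY_RUN=1 the command line is printed instead of executed.
run_isolated() {
    if [ "$#" -lt 4 ]; then
        echo "usage: run_isolated ROOTFS MEM CPU_PERCENT CMD [ARGS...]" >&2
        return 2
    fi
    rootfs=$1; mem=$2; cpu=$3; shift 3

    # Reject values that would turn into surprising unit properties.
    case $rootfs in /*) ;; *) echo "rootfs must be absolute" >&2; return 2 ;; esac
    case $mem in ''|*[!0-9KMGT]*) echo "bad memory limit: $mem" >&2; return 2 ;; esac
    case $cpu in ''|*[!0-9]*) echo "bad CPU percent: $cpu" >&2; return 2 ;; esac

    # a) --property=...    cgroup limits on the container's unit
    # b) --private-network only a loopback interface, no route out
    # c) --read-only       root tree mounted read-only (tmpfs such as /tmp
    #                      stays writable but lives in limited memory)
    # d) nspawn always uses its own PID namespace; --private-users=pick maps
    #    container UIDs to an unprivileged host range; no_new_privs blocks setuid
    set -- systemd-nspawn --quiet \
        --directory="$rootfs" \
        --as-pid2 \
        --property=MemoryMax="$mem" \
        --property=CPUQuota="${cpu}%" \
        --property=IOWeight=50 \
        --property=TasksMax=64 \
        --private-network \
        --read-only \
        --private-users=pick \
        --no-new-privileges=yes \
        -- "$@"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
        return 0
    fi
    [ -d "$rootfs" ] || { echo "no such rootfs: $rootfs" >&2; return 1; }
    "$@"    # systemd-nspawn itself must be started as root on the host
}

# Constructed usage: DRY_RUN=1 run_isolated /srv/sandbox 256M 50 python3 main.py
```

Run it once with DRY_RUN=1 to review the generated command line before executing it against a real root directory.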