I’ve been experimenting with different approaches to running code in a sandbox for several years now, but my latest attempt feels like it might finally have all of the characteristics …
Umm. A restricted container in Docker or Podman would be a much better approach, or am I missing something here?
I usually just spin up a Containerfile (Dockerfile) and pre-install the requirements.txt, limit memory, CPUs, file system (volumes), networking, as I see fit.
Bonus points for running it rootless (unprivileged).
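
The restricted-container setup described in the comment above, sketched as an added example (not code from the post or from the commenter). The base image, limits, `/work` mount point and `main.py` entry point are constructed placeholders, and the function names are hypothetical.

```shell
# Containerfile that pre-installs requirements.txt at build time, so the
# running container never needs network access. Base image is an assumption.
write_containerfile() {
  cat > "$1" <<'EOF'
FROM docker.io/library/python:3.12-slim
COPY requirements.txt /tmp/requirements.txt
RUN pip install --no-cache-dir -r /tmp/requirements.txt
USER 65534:65534
WORKDIR /work
EOF
}

# Fail if invoked as root, so the engine runs rootless (unprivileged).
require_rootless() {
  [ "$(id -u)" -ne 0 ] || { echo "run this as an unprivileged user" >&2; return 1; }
}

# sandbox ENGINE IMAGE SRC_DIR
# ENGINE is podman or docker; pass "echo" for a dry run that prints the command.
sandbox() {
  engine=$1 image=$2 src=$3
  # Limits: memory, CPU and process count.
  # Networking: none. File system: read-only root, small tmpfs scratch
  # space, untrusted code mounted read-only.
  # Privileges: all capabilities dropped, no privilege escalation.
  "$engine" run --rm \
    --memory 256m --cpus 1 --pids-limit 64 \
    --network none \
    --read-only --tmpfs /tmp:rw,size=16m \
    --cap-drop ALL --security-opt no-new-privileges \
    --volume "$src:/work:ro" \
    "$image" python /work/main.py
}

# Typical use (constructed names):
#   write_containerfile Containerfile
#   podman build -t sandbox-img -f Containerfile .
#   require_rootless && sandbox podman sandbox-img "$PWD/untrusted"
```
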