#clojure
2019-07-15
tianshu 05:07:16

Is there any sandbox library you'd recommend? I want to run some untrusted code snippets (JVM languages) with limited time and resources

jumar 07:07:35

@U0NBGRGD6 Consider wrapping this as a service and running it in a separate Docker container; you can also use SecurityManager directly (I guess you need to get acquainted with permission policies anyway)

jumar 07:07:58

for an even more robust solution you can add SELinux

tianshu 13:07:16

thanks for the tips, I think I will go for SecurityManager. I want to build a sandbox for running some small scripts.

jaihindhreddy 07:07:35

Clojail was the thing: https://github.com/Raynes/clojail Unfortunately the creator, Anthony Grimes, passed away.

jaihindhreddy 07:07:47

So it might be unmaintained, but because it builds on top of the JVM's built-in sandboxing, and because Clojure itself hasn't changed significantly, it should still be pretty solid. http://4Clojure.com uses it to run submissions.

jaihindhreddy 07:07:32

I'm sure others can suggest better alternatives (or reaffirm clojail's efficacy)

jaihindhreddy 07:07:11

I didn't notice you said JVM langs and not Clojure specifically, I'm not sure about other languages.

tianshu 10:07:31

@jaihindhreddy thanks, you said the JVM has a built-in sandbox?

mg 13:07:47

Is there a better way to override the ILookup behavior of a map without creating a deftype that copies over the rest of the implementation?

mg 13:07:54

@ghadi I'm creating a container for Components (a la com.stuartsierra.component library) and I want to have some custom logic in the not-found case, while still looking like a map for dev convenience purposes.

alexmiller 13:07:30

you can have a deftype with a map attribute and defer where possible, and add your own logic where needed

mg 13:07:14

yeah I suppose that's the nicest way

ghadi 13:07:46

Component now supports extension by metadata, so that is probably a much nicer way to give a map custom protocol behavior @michael.gaare

mg 13:07:00

Can you use extension-by-metadata to override something the object already implements? I guess that's worth a test

alexmiller 13:07:16

depends how it's implemented

alexmiller 13:07:29

if inlined in the impl, no

mg 13:07:46

yeah I wouldn't expect it to work in the case of maps

ghadi 13:07:56

for component (with-meta {...your component} {'com.stuartsierra.component/start (fn [c] ....your start impl....)} )

mg 13:07:36

@ghadi I don't need to override the component Lifecycle protocol, I need to override clojure.lang.ILookup