This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-07-15
Channels
- # aleph (9)
- # announcements (6)
- # beginners (42)
- # calva (4)
- # cider (9)
- # clara (2)
- # clj-kondo (1)
- # cljdoc (108)
- # cljs-dev (10)
- # clojure (25)
- # clojure-brasil (1)
- # clojure-chicago (1)
- # clojure-europe (4)
- # clojure-italy (42)
- # clojure-nl (14)
- # clojure-uk (66)
- # clojurebridge (3)
- # clojurescript (23)
- # clojutre (2)
- # community-development (1)
- # cursive (2)
- # datomic (4)
- # figwheel-main (21)
- # fulcro (23)
- # jobs-discuss (1)
- # kaocha (1)
- # off-topic (10)
- # pedestal (4)
- # reitit (2)
- # shadow-cljs (41)
- # spacemacs (7)
- # sql (20)
- # xtdb (3)
Is there any sandbox library recommend? I want to run some untrust code snippets (JVM languages) with limited time and resources
@U0NBGRGD6 Consider wrapping this as a service and running it in a separate docker container;you can also use SecurityManager directly (I guess you need to get acquainted with permission policies anyway)
thanks for the tips, I think I will go for SecurityManager. I want to build a sandbox for running some small scripts.
Clojail was the thing: https://github.com/Raynes/clojail Unfortunately the creator, Anthony Grimes passed away.
So it might be unmaintained, but because it builds on top of JVM's built in sandboxing, and because Clojure itself hasn't changed significantly, it should still be pretty solid. http://4Clojure.com uses it to run submissions.
I'm sure others can suggest better alternatives (or reaffirm clojail's efficacy)
I didn't notice you said JVM langs and not Clojure specifically, I'm not sure about other languages.
@jaihindhreddy thanks, you said the JVM has a built-in sandbox?
Is there a better way to override the ILookup behavior of a map without creating a deftype that copies over the rest of the implementation?
@michael.gaare Porque?
@ghadi I'm creating a container for Components (a la com.stuartsierra.component library) and I want to have some custom logic in the not-found case, while still looking like a map for dev convenience purposes.
you can have a deftype with a map attribute and defer where possible, and add your own logic where needed
Component
now supports extension by metadata, so that is probably a much nicer way to give a map custom protocol behavior @michael.gaare
Can you use extension-by-metadata to override something the object already implements? I guess that's worth a test
depends how it's implemented
if inlined in the impl, no