#graalvm
2021-09-06
wombawomba 11:09:09

I have a Clojure app where I want to be able to use the GraalVM polyglot facilities to run Python/JS code, both in development (via Leiningen) and in native builds (via native-image). Is this doable, and if so, how would I go about it?

borkdude 11:09:54

that should be doable

wombawomba 12:09:59

any idea which dependencies I should add to my project to be able to do stuff like this in dev?

borkdude 12:09:18

I think you should use GraalVM as the JVM

wombawomba 12:09:38

okay, makes sense

borkdude 12:09:56

just read those docs I posted above (the whole page)

wombawomba 12:09:33

phew okay that was a lot easier than I had anticipated — very cool

wombawomba 12:09:19

BTW, any idea how good/trustworthy GraalVM's sandboxing for polyglot languages is? I'd like to get something akin to SCI (no access to the rest of the machine or program state, except via a small set of functions that I define) but for these other languages. Possible?

wombawomba 12:09:27

(it seems like the 'exposing functions to guest language' part is doable via https://www.graalvm.org/reference-manual/embed-languages/#access-java-from-guest-languages — not sure about the sandboxing part though...)

borkdude 12:09:04

yeah, I don't know about that

wombawomba 12:09:18

https://www.graalvm.org/reference-manual/embed-languages/#access-restrictions
> The Polyglot API by default restricts access to certain critical functionality, such as file I/O. These restrictions can be lifted entirely by setting `allowAllAccess` to `true`.
> Note: The access restrictions are currently only supported with JavaScript.

borkdude 12:09:20

maybe a better place to ask about this is in the graalvm slack, link is on the topic

borkdude 12:09:46

I'll follow the discussion as I would also like to know

wombawomba 12:09:46

seems like there's no proper sandboxing support :(

wombawomba 12:09:58

okay I'll ask there, thanks