On 28/03/14 01:28 AM, Jared Forsyth wrote:
> Depending on your server setup, this might be a great place for a cheap
> docker container. You get fairly safe sandboxing for cheap.
I don't consider Docker to be a safe enough sandbox for this, and I don't see any benefits it would provide for this even compared to using chroot + unshare from util-linux.

I wrote playpen specifically for this use case to replace lxc or systemd-nspawn, and it performs this duty better than anything else that I'm aware of.

https://github.com/thestinger/playpen

It can reuse a single read-only root for any number of concurrent requests, which is important for this and why I abandoned LXC in the first place. It also implements a sane timeout, makes good use of seccomp, only uses MS_PRIVATE mount points and unshares all possible namespaces (CLONE_NEWUSER doesn't mix with a chroot at the moment). Since I'm avoiding a bulky third party solution focused on hosting operating systems, I'll be able to follow along much more quickly with namespace improvements and migrating to the new control group API.
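A minimal C sketch of the chroot + unshare design the message describes (private mounts, a read-only root shared by concurrent runs, a second fork so the payload is PID 1 of its own PID namespace, and a wall-clock timeout), added here as an example rather than playpen's own code. It assumes `root` is a prepared directory tree and the caller has CAP_SYS_ADMIN, and it leaves out the seccomp filter that playpen layers on top.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not playpen's code. Run argv inside `root` with private
 * mounts, a read-only root and fresh mount/PID/IPC/UTS/net namespaces,
 * killed after timeout_s seconds. Returns the payload's exit status, -2 on
 * timeout, -1 on a wait error; child setup failures surface as 127. */
int run_sandboxed(const char *root, char *const argv[], unsigned timeout_s) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* CLONE_NEWUSER is left out: it does not mix with chroot. Needs CAP_SYS_ADMIN. */
        if (unshare(CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWNET) < 0)
            _exit(127);
        /* MS_PRIVATE everywhere: nothing mounted here propagates back to the host. */
        if (mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) < 0) _exit(127);
        /* Bind the tree over itself, remount read-only, chroot: one immutable tree backs many sandboxes. */
        if (mount(root, root, NULL, MS_BIND | MS_REC, NULL) < 0) _exit(127);
        if (mount(NULL, root, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) < 0) _exit(127);
        if (chroot(root) < 0 || chdir("/") < 0) _exit(127);
        /* unshare(CLONE_NEWPID) only applies to children: fork again so the payload
         * is PID 1 of the new namespace and its death takes everything in it down. */
        pid_t inner = fork();
        if (inner < 0) _exit(127);
        if (inner == 0) {
            prctl(PR_SET_PDEATHSIG, SIGKILL); /* die with the outer child on timeout */
            execv(argv[0], argv);
            _exit(127);
        }
        if (waitpid(inner, &st, 0) < 0) _exit(127);
        _exit(WIFEXITED(st) ? WEXITSTATUS(st) : 128 + WTERMSIG(st));
    }
    for (unsigned waited_ms = 0;; waited_ms += 50) {
        pid_t r = waitpid(pid, &st, WNOHANG);
        if (r < 0) return -1;
        if (r == pid) return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
        if (waited_ms >= timeout_s * 1000) {
            kill(pid, SIGKILL); /* PR_SET_PDEATHSIG takes the inner PID 1 with it */
            waitpid(pid, &st, 0);
            return -2;
        }
        usleep(50000);
    }
}
```

Without CAP_SYS_ADMIN the unshare call fails and the function returns 127 rather than silently running the payload unsandboxed.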
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev