sandbox

package
v0.7.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 10, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BindMount 

type BindMount struct {
	Src string
	Dst string
}

BindMount represents a read-only bind mount for nsjail (-R src:dst).

type Cgroups 

type Cgroups struct {
	PidsMax     string // --cgroup_pids_max (count; 0 = disabled)
	MemMax      string // --cgroup_mem_max (bytes; 0 = disabled)
	MemSwapMax  string // --cgroup_mem_swap_max (bytes; -1 = disabled, 0 = no swap)
	CpuMsPerSec string // --cgroup_cpu_ms_per_sec (ms per second; 0 = disabled)
}

Cgroups holds nsjail cgroup limit flags for a single execution step. Each field corresponds to a --cgroup_* nsjail flag.

type CompiledRuntime 

type CompiledRuntime interface {
	Runtime
	// CompileCommand returns the full command and arguments for the compilation step.
	CompileCommand() []string
	// CompileBindMounts returns read-only bind mounts required during compilation.
	CompileBindMounts() []BindMount
	// CompileEnv returns environment variables for the compilation sandbox in "KEY=VALUE" format.
	CompileEnv() []string

	// CompileLimits returns the nsjail resource limits for the compile step.
	CompileLimits() Limits
}

CompiledRuntime is an optional interface for runtimes that require a compilation step before execution (e.g. Go). Runner checks for this interface via type assertion.

type Config 

type Config struct {
	RunTimeout     int // nsjail --time_limit and --rlimit_cpu for the run step, in seconds
	CompileTimeout int // nsjail --time_limit and --rlimit_cpu for the compile step, in seconds
	OutputLimit    int // maximum combined stdout+stderr bytes before killing the process
}

Config holds runtime-configurable parameters for the sandbox.

type DefaultFile 

type DefaultFile struct {
	Name    string // filename relative to the working directory (e.g. "go.mod")
	Content []byte
}

DefaultFile represents a file that should be written to the working directory before execution if a file with that name does not already exist.

type Limits 

type Limits struct {
	Rlimits Rlimits
	Cgroups Cgroups
}

Limits combines POSIX resource limits and cgroup limits for a single nsjail execution step.

type Result 

type Result struct {
	Stdout   string  `json:"stdout"`
	Stderr   string  `json:"stderr"`
	Output   string  `json:"output"`
	ExitCode int     `json:"exit_code"`
	Status   Status  `json:"status"`
	Signal   *string `json:"signal"`
}

type Rlimits 

type Rlimits struct {
	AS     string // --rlimit_as (MiB or "hard")
	Fsize  string // --rlimit_fsize (MiB or "hard")
	Nofile string // --rlimit_nofile (count or "hard")
	Nproc  string // --rlimit_nproc (count, "soft", or "hard")
}

Rlimits holds nsjail POSIX resource limit flags for a single execution step. Each field corresponds to a --rlimit_* nsjail flag. Valid values are a numeric string (e.g. "1024"), "soft" (inherit system soft limit), "hard" (inherit system hard limit), or "inf" (no limit).

type RunOutput 

type RunOutput struct {
	Compile *Result
	Run     *Result
}

RunOutput holds the results of a sandbox execution. Compile is non-nil only for compiled runtimes (e.g. Go). Run is nil when compilation fails.

type Runner 

type Runner struct {
	// contains filtered or unexported fields
}

Runner executes code in a sandboxed environment using nsjail.

func NewRunner 

func NewRunner(cfg Config) *Runner

NewRunner creates a Runner with the given configuration.

func (*Runner) Run 

func (r *Runner) Run(ctx context.Context, rt Runtime, tmpDir, entryFile string) (RunOutput, error)

Run executes the given entryFile inside an nsjail sandbox.

type Runtime 

type Runtime interface {
	// Name returns the runtime identifier.
	Name() RuntimeName

	// Command returns the full command and arguments to execute inside the sandbox.
	// entryFile is the absolute path inside the sandbox (e.g. "/sandbox/index.js").
	// Compiled runtimes may ignore this parameter when the executable path is
	// determined by the compilation step.
	Command(entryFile string) []string

	// BindMounts returns read-only bind mounts required by this runtime
	// (e.g. the runtime installation directory).
	BindMounts() []BindMount

	// Env returns environment variables for the sandbox in "KEY=VALUE" format
	// (e.g. "PATH=/mise/installs/node/24.14.0/bin:/usr/bin").
	Env() []string

	// Limits returns the nsjail resource limits for the run step.
	Limits() Limits

	// RestrictedFiles returns file names that users are not allowed to submit
	// for this runtime (e.g. managed dependency files like go.mod).
	RestrictedFiles() []string
}

Runtime defines the interface that all sandbox runtimes must implement.

func LookupRuntime 

func LookupRuntime(name RuntimeName) (Runtime, error)

LookupRuntime returns the Runtime for the given name. It returns an error if the name is empty (missing) or not a known runtime (invalid).

type RuntimeName 

type RuntimeName string

RuntimeName identifies a supported runtime. 

const (
	RuntimeNode           RuntimeName = "node"
	RuntimeRuby           RuntimeName = "ruby"
	RuntimeGo             RuntimeName = "go"
	RuntimePython         RuntimeName = "python"
	RuntimeRust           RuntimeName = "rust"
	RuntimeNodeTypeScript RuntimeName = "node-typescript"
	RuntimeBash           RuntimeName = "bash"
)

type Status 

type Status string
const (
	StatusOK                  Status = "OK"
	StatusSignal              Status = "SIGNAL"
	StatusTimeout             Status = "TIMEOUT"
	StatusOutputLimitExceeded Status = "OUTPUT_LIMIT_EXCEEDED"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.