[Lxc-users] Execute untrusted code in a container

Ciprian Dorin Craciun ciprian.craciun at gmail.com
Wed Jan 16 13:57:10 UTC 2013


On Tue, Jan 15, 2013 at 11:46 PM, pablo platt <pablo.platt at gmail.com> wrote:
> I want to execute user submitted code in Java, Python and other languages in
> a container.
> Something similar to http://ideone.com but much simpler.
> The code users submit should be simple, without accessing the network or
> files unless the user tries to compromise the server.

    Small comment orthogonal in regard to LXC: if you need to enforce
security, you should also try to "integrate" the "seccomp" facility of
Linux in combination with LXC. (Another viable security oriented
solution might be AppArmor. Of course you need to combine it with LXC
to obtain the environment isolation.)




More information about the lxc-users mailing list