This repository has been archived by the owner on Jun 27, 2018. It is now read-only.
Use gaol or seccomp for sandboxing #277
Comments
|
This is why I think the move from playpen to Docker was a mistake. Playpen is expressly designed to run totally untrusted code. Docker isn't. Nevertheless, Docker supports seccomp, and we should be using it. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
http://security.stackexchange.com/a/107853/7497
Docker has a blacklist approach for security, which isn't ideal. We should be using a whitelisting sandbox.
The text was updated successfully, but these errors were encountered: