3

I'm thinking about building a web app that would involve users writing small segments of Python and the server testing that code. However, this presents a ton of security concerns. Would Docker be a good isolation tool for running this potentially malicious code? From what I've read, checking system calls with ptrace is a possibility, but I would prefer to use a preexisting tool.

4

1 Answer

4

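Docker is indeed a very good fit for this use. However, please note that Docker is not yet ready for production.

I would recommend creating a new container and giving your users non-root privileges in this container. One container per user.

This way, you can prepare the Docker image, set up the environment, and control precisely what your users are doing :)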

Answered 2013-09-16T23:31:08.940
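A sketch of the one-container-per-user, non-root setup the answer recommends, as an added example that is not part of the original answer. It goes beyond the answer by also dropping capabilities, disabling networking and capping resources; the image name `python-sandbox:latest`, the uid `65534`, the `/code/main.py` layout and both function names are assumptions.

```python
import re
import subprocess
import uuid

IMAGE = "python-sandbox:latest"  # assumption: an image you prepared in advance
SANDBOX_UID = "65534:65534"      # assumption: unprivileged uid:gid ("nobody")


def build_run_argv(user_id, code_dir, image=IMAGE):
    """Return the `docker run` argv for one throwaway container for one user."""
    # Validate anything that ends up in the container name or the volume spec.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,32}", user_id):
        raise ValueError("user_id must be a short alphanumeric token")
    if (not code_dir.startswith("/") or ":" in code_dir
            or ".." in code_dir.split("/")):
        raise ValueError("code_dir must be an absolute path without ':' or '..'")
    name = f"sandbox-{user_id}-{uuid.uuid4().hex[:8]}"
    return [
        "docker", "run", "--rm", "--name", name,
        "--user", SANDBOX_UID,                  # non-root inside the container
        "--cap-drop", "ALL",                    # no Linux capabilities
        "--security-opt", "no-new-privileges",  # setuid binaries gain nothing
        "--network", "none",                    # no network access
        "--read-only",                          # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=16m",
        "--memory", "128m", "--pids-limit", "64", "--cpus", "0.5",
        "--volume", f"{code_dir}:/code:ro",     # submission mounted read-only
        image, "python", "-I", "/code/main.py",
    ]


def run_submission(user_id, code_dir, timeout_s=10):
    """Run one submission in a fresh container and return status and output."""
    argv = build_run_argv(user_id, code_dir)
    name = argv[argv.index("--name") + 1]
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout_s)
    except subprocess.TimeoutExpired:
        # The timeout only kills the docker client; remove the container too.
        subprocess.run(["docker", "rm", "-f", name], capture_output=True)
        return {"status": "timeout", "stdout": "", "stderr": ""}
    status = "ok" if proc.returncode == 0 else "error"
    # Cap returned output so a noisy submission cannot flood the web app.
    return {"status": status, "stdout": proc.stdout[:65536],
            "stderr": proc.stderr[:65536]}
```

The submitted file must be readable by the unprivileged uid, since the container process no longer runs as root.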