sudo apt-get install pkg-config libseccomp-dev
Dify-Sandbox offers a simple way to run untrusted code in a secure environment. It is designed to be used in a multi-tenant environment, where multiple users can submit code to be executed. The code is executed in a sandboxed environment, which restricts the resources and system calls that the code can access.
- Service: Gin
- Library: Go
- Sandbox: Seccomp
- Run `./build/build.sh` to build a Linux native binary file which contains the seccomp filter
- A temp directory is created for each code execution
- Launch the code execution in a new process and set a chroot jail to restrict the access to the file system
- Set the seccomp filter using native library to restrict the system calls that the code can access
- Drop the privileges of the process to a non-root user that cannot access any resource
- Execute the code and capture the output
For now, Dify-Sandbox supports the syscalls below:
```go
var allowedSyscalls = []int{
	// file io, only write and close file descriptor
	SYS_WRITE, SYS_CLOSE,
	// thread, used to speed up the execution
	SYS_FUTEX,
	// memory, allocate and free memory
	SYS_MMAP, SYS_BRK, SYS_MPROTECT, SYS_MUNMAP,
	// user/group, used to drop the privileges
	SYS_SETUID, SYS_SETGID,
	// process
	SYS_GETPID, SYS_GETPPID, SYS_GETTID,
	SYS_EXIT, SYS_EXIT_GROUP,
	SYS_TGKILL, SYS_RT_SIGACTION,
	// time
	SYS_CLOCK_GETTIME, SYS_GETTIMEOFDAY, SYS_TIME, SYS_NANOSLEEP,
	SYS_EPOLL_CTL,
}
```
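
To show what a default-deny allowlist like the one above means once it is loaded as a seccomp filter, here is an added example (not code from Dify-Sandbox, which sets its filter through a native library): it compiles the list into a classic-BPF seccomp program and interprets that program for sample syscalls. The function names, the hard-coded x86-64 syscall numbers, the architecture check and the kill-process default action are assumptions of this example.

```go
package main

import "fmt"

type sockFilter struct{ Code uint16; Jt, Jf uint8; K uint32 } // layout of the kernel's struct sock_filter

const (
	ldAbsW, jeqK, retK = 0x20, 0x15, 0x06 // BPF_LD|BPF_W|BPF_ABS, BPF_JMP|BPF_JEQ|BPF_K, BPF_RET|BPF_K
	retAllow           = 0x7fff0000       // SECCOMP_RET_ALLOW
	retKill            = 0x80000000       // SECCOMP_RET_KILL_PROCESS (assumed default action)
	archX64            = 0xc000003e       // AUDIT_ARCH_X86_64
)
// Constructed table: x86-64 numbers for the page's allowlist, in the page's order.
var allowed = []uint32{1, 3, 202, 9, 12, 10, 11, 105, 106, 39, 110, 186, 60, 231, 234, 13, 228, 96, 201, 35, 233}

// buildFilter emits: kill on a foreign arch, allow listed syscalls, kill everything else.
func buildFilter(list []uint32) []sockFilter {
	p := []sockFilter{
		{ldAbsW, 0, 0, 4},     // A = seccomp_data.arch
		{jeqK, 1, 0, archX64}, // expected arch: skip the kill below
		{retK, 0, 0, retKill},
		{ldAbsW, 0, 0, 0}, // A = seccomp_data.nr
	}
	for i, nr := range list { // 8-bit jump offsets: assumes len(list) < 256
		p = append(p, sockFilter{jeqK, uint8(len(list) - i), 0, nr}) // match: jump to ALLOW
	}
	return append(p, sockFilter{retK, 0, 0, retKill}, sockFilter{retK, 0, 0, retAllow})
}

// evaluate interprets the three opcodes above for one (arch, nr) pair.
// Like the kernel, it expects every path through the program to end in a return.
func evaluate(p []sockFilter, arch, nr uint32) uint32 {
	data, a := map[uint32]uint32{0: nr, 4: arch}, uint32(0)
	for pc := 0; ; pc++ {
		switch in := p[pc]; {
		case in.Code == retK:
			return in.K
		case in.Code == ldAbsW:
			a = data[in.K]
		case a == in.K: // jeqK, comparison true
			pc += int(in.Jt)
		default: // jeqK, comparison false
			pc += int(in.Jf)
		}
	}
}

func main() {
	fmt.Printf("write=%#x execve=%#x\n", evaluate(buildFilter(allowed), archX64, 1), evaluate(buildFilter(allowed), archX64, 59))
}
```

Anything absent from the list, such as `open`, `socket` or `execve`, falls through every comparison to the kill action, and the architecture check keeps a 32-bit syscall number from being matched against the 64-bit table.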