NAME

App::EvalServerAdvanced - A more featured update to App::EvalServer

VERSION

version 0.001

DESCRIPTION

This is a complete redesign and rewrite of the original code behind App::EvalServer.

This code is only BETA quality at best. See the USE section below for more information.

FEATURES

Features over App::EvalServer

Use of Linux namespaces.

The chroot is accompanied by a private mounted tmpfs filesystem. This allows a safe writable /tmp that won't be seen by anyone else. The evaluated code is placed in it's own PID space. This helps prevent it from sending signals to anything else that might be running.

Use of Seccomp

More featureful sandboxing with Seccomp rules. This helps prevent anything running from issuing any potentially dangerous system calls.

Formal network protocol.

You can send multiple requests per connection, and wait on them asynchronously. This helps enable better scheduling and handling of batch actions, and allows you to cancel inflight requests. This also allows the cancelling, by the client, of a long running job while it's running.

USE

You'll want to take a look at the 'etc' directory in the dist for an example config. Future versions will include a script for generating a configuration and environment for running the server.

Right now you probably don't actually want to actually install this, but instead just download the dist and run from it locally. It's a bit difficult to use and requires root.

TODO

Make a script to create a usable environment

Create some kind of pluggable system for specifiying additional Seccomp rules

Create another pluggable system for extending App::EvalServer::Sandbox::Internal with additional subs

Finish enabling full configuration of the sandbox without having to edit any code

SEE ALSO

App::EvalServerAdvanced::REPL, App::EvalServerAdvanced::Protocol

AUTHOR

Ryan Voots <simcop@cpan.org>