I slapped gvisor to container and call it a sandbox. In nutshell, just like Go Playground does.
We have a compiler container that receive source code, compile them to executable binary, and run said executable in another container. No brainer.
Requirements:
- Linux host
- Docker
- gVisor
We want to able to use gvisor but give it a bit of slack so it able to use docker socket. Skip this step if you want to use Docker's default runtime.
Copy runsc-uds to your/etc/docker/daemon.json and reload docker sudo systemctl reload docker.service.
{
"runtimes": {
"runsc": {
"path": "/usr/local/bin/runsc"
},
"runsc-uds": {
"path": "/usr/local/bin/runsc",
"runtimeArgs": [
"--host-uds=open"
]
}
}
}$ git pull https://github.com/iklabib/Kerat.git
# sorry, no public image yet, so you have to build it yourself
$ docker build . -t kerat:engine
$ docker run --runtime=runsc-uds -p 3145:3145 \
-v /var/run/docker.sock:/var/run/docker.sock \
--mount type=bind,source="$(pwd)"/config.yaml,target=/app/config.yaml \
-it kerat:engineIf you don't have Linux machine and just want to test things out, remove runtime from config.yaml to fallback to Docker's default runtime.