Sandbox.jl

The cultured host's toolkit for ill-mannered Linux guests.

This package provides basic containerization tools for running Linux guests on a variety of platforms. As of the time of writing, it supports two execution backends:

• A Linux User Namespaces executor, which is very fast and lightweight

• A Docker executor which is slower, but more compatible (it works on macOS, and may work on Windows)

The executors are responsible for running/virtualizing a given Cmd within a root filesystem that is defined by the user, along with various paths that can be mounted within the sandbox. These capabilities were originally built for BinaryBuilder.jl, however this functionality is now mature enough that it may be useful elsewhere.

Basic usage

To make use of this toolkit, you will need to have a root filesystem image that you want to use. This package comes with an Alpine minimal rootfs that can be used for quick tests, to launch /bin/sh in an interactive shell, run the following:

using Sandbox

config = SandboxConfig(
    Dict("/" => Sandbox.alpine_rootfs());
    stdin=Base.stdin,
    stdout=Base.stdout,
    stderr=Base.stderr,
)
with_executor() do exe
    run(exe, config, `/bin/sh`)
end

While this launches an interactive session due to hooking up stdout/stdin, one can easily capture output by setting stdout to an IOBuffer, or even a PipeBuffer to chain together multiple processes from different sandboxes.

Getting more rootfs images

To use more interesting rootfs images, you can either create your own using tools such as debootstrap or you can pull one from docker by using the pull_docker_image() function defined within this package. See the contrib directory for examples of both.