16 Apr
2021
16 Apr
'21
7:38 p.m.
On Fri, Apr 16, 2021 at 03:31:20PM -0400, Chris Smith wrote:
I did use SafeHaskell long ago, to provide a server that executed student code in a class ... I now believe that this use case is far better served by virtualization, which is now a quite well-supported feature across all major operating systems.
Tangentially I'd like to plug an excellent resource for this that I recently discovered:
NsJail is a process isolation tool for Linux. It utilizes Linux namespace subsystem, resource limits, and the seccomp-bpf syscall filters of the Linux kernel.
https://github.com/google/nsjail/#overview It's an extremely impressive program! It allows isolation of system resources at a very fine-grained level. Tom