Hi all,

I'm about to wrap up my work for the Haskell committee (think half a summer of code): feed-gipeda

It's basically a daemon which will spawn benchmarking jobs for every commit of registered repositories. Much like Travis CI, but for benchmarks. You can see a simple web server, hosting the gipeda-generated sites, at http://perf-service.haskell.org/ghc/#all.

While the Haskell part is working smoothly enough for now, I'd really like some help setting up proper sandboxing environments for the benchmark slaves, in such a way that security isn't as much a concern as it currently is. We can go over the details on a less publicly shared medium, but I doubt the current solution (invoking shell scripts from a non-root user) is safe. So, some concrete points I need help with:
  1. Administrative expertise: Which part of the architecture runs has which rights, setting up proper sandboxing environments for benchmark slaves
  2. Ops stuff: Creating master and slave containers for a low barrier to entry and reproducible environments
  3. Distributed protocols: Someone with experience in stuff like SSH-tunneling/CloudHaskell/other useful things I should make the communication protocol of feed-gipeda aware of
  4. Some Haskellers which want to take a look at my code and contribute criticism or even code to it :)
Thanks in advance! So long,
Sebastian Graf