Open NobodyXu opened 1 month ago
While docker isn't exactly safe, it is a good start.
We could then use fieecracker/gVisor to further sandbox the build.
Lastly, we could use RUSTC_WRAPPER to run each rustc invocation in a separate container.
While docker isn't exactly safe, it is a good start.
We could then use fieecracker/gVisor to further sandbox the build.
Lastly, we could use RUSTC_WRAPPER to run each rustc invocation in a separate container.