search

ioi / isolate

Sandbox for securely executing untrusted programs
Other
1.05k stars 157 forks source link

[Query] How does isolate compare to containerised sandboxes? #86

Closed areebbeigh closed 4 years ago

areebbeigh commented 4 years ago

I'm looking into sandboxing techniques for running untrusted code, specifically for the same use case isolate was developed for (programming contests). I'm curious about a couple of things:

  1. How does isolate compare to sandboxing techniques that employ Docker to run the programs in terms of security?

  2. Would it be possible to set hard limits on CPU and memory usage for processes using isolate? e.g 512 MB of memory and 1 CPU per submission

gollux commented 4 years ago

Did you read the documentation and the paper mentioned in the README?