Open ma2bd opened 5 months ago
Currently, cargo test readme extracts BASH scripts from readme files and run them without sandboxing. This is ok but also a bit scary. We may want to use some (light) sandboxing depending on the execution platform.
cargo test readme
https://github.com/containers/bubblewrap
https://www.karltarvas.com/macos-app-sandboxing-via-sandbox-exec.html https://github.com/ocaml/opam/blob/master/src/state/shellscripts/sandbox_exec.sh
Maybe we could sandbox all our tests? Rust code is no less capable than bash code of wreaking havoc :)
bash
Currently,
cargo test readme
extracts BASH scripts from readme files and run them without sandboxing. This is ok but also a bit scary. We may want to use some (light) sandboxing depending on the execution platform.https://github.com/containers/bubblewrap
https://www.karltarvas.com/macos-app-sandboxing-via-sandbox-exec.html https://github.com/ocaml/opam/blob/master/src/state/shellscripts/sandbox_exec.sh