tarcieri
commented
5 years ago There are many different approaches to sandboxing this crate could potentially take. I would suggest discussion of significantly different approaches (e.g. virtual machines) happen on the Determine project goals (#3) issue, and suggest this PR focus specifically on whether or not gaol is the correct path forward here.
I will provide a quick list of pros/cons for gaol:
Pros
- Maintained by the Servo team - already important infrastructure
- Written in Rust
- Decent cross-platform support
- Decent support for OS sandboxing APIs (e.g. seccomp and namespaces on Linux)
Cons
- Relatively immature (e.g. has not been audited or heavily attacked in the wild)
- Hasn't seen a release in 2 years - still maintained? (lots of merged PRs at least, last one in Feb 2019)
alex
This commit signals the intent of this project to explore
gaolas the mechanism by which builds are sandboxed:https://github.com/servo/gaol
The README.md for
gaolcarries the following warning:However, cursory review of gaol's source code shows it's a relatively simple cross-platform sandboxing solution which provides pure Rust wrappers for the underlying OS facilities sandboxing solutions should be leveraging.
As
gaolis used by Servo, it's something the Rust team is probably already familiar with, which increases the chances of upstreaming a sandboxing solution into Cargo proper, a potential goal for this project.