bootstrap: add --sandbox bootstrap argument

yorkie commented 6 years ago

What's the sandbox?

ShadowNode should be able to run a script in sandbox mode, which means the modules the script can access should be restricted. Within this feature, every defined application could run in a safe environment for the host.

Permissions

A sandbox should own the following permissions:

--allow-fs the script can use file system.
--allow-net the script can use networking API.
--allow-tls the script can use TLS API.
--allow-fork the script can use Child Process API to fork/exec sub-processes.
--allow-global-module the script can load global modules.
native module (.node) are always disabled.

By default, if it starts with iotjs --sandbox, the above permissions are not enabled. To enable one or more of them, you should append the params before the script like the below:

$ iotjs --sandbox --allow-fs ./fs-script.js

/cc @legendecas @algebrait @lolBig

algebrait commented 6 years ago

If consider native code through NAPI, libc or even system call should be customized.

yorkie commented 6 years ago

Customized libc/syscall are such heavy works, so let's always disable loading from .node.

yodaos-project / ShadowNode

bootstrap: add --sandbox bootstrap argument #153