The idea is to make some public webserver "Erlang Playground" where anybody can run Erlang code without crashing the system (i.e. limited or maybe no file access at all, no access to "system" Erlang functions which can make emulator unstable). So VMWare and file access rights are not the right ways because some source code "filtering" should be done. So I'll check what could be done in Erlhive.
<br><br>Thanks<br><br><div><span class="gmail_quote">On 12/3/06, <b class="gmail_sendername">Ulf Wiger</b> <<a href="mailto:firstname.lastname@example.org">email@example.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 2006-12-03 15:05:06, Kirill Zaborski <<a href="mailto:firstname.lastname@example.org">email@example.com</a>> wrote:<br><br>> What do you think is the best way to implement a sandbox<br>> for Erlang emulator?<br><br>I'd say that depends on what you want to do, more specifically.
<br><br>> Actually I want to restrict access to the file system,<br>> network (and maybe something else) from the code running<br>> inside the emulator. Is Erlhive a suitable tool for it?<br><br>Erlhive doesn't restrict the emulator, but rather restricts
<br>what you can do in your programs. Currently, it also carries<br>the overhead of mnesia transactions. The code transformation<br>could probably be separated, but that hasn't been done yet.<br><br>Without knowing more, it's difficult to say whether Erlhive
<br>would be a good choice. It assumes some kind of authenticating<br>front-end (the example code is Yaws-based). Erlhive ought to<br>be a suitable sandbox for a data driven web application.<br><br>> The only other way I see to do this is to run the emulator
<br>> under the user with minimal privileges.<br>> Any other ideas?<br><br>You could run a VMWare appliance - e.g. an Ubuntu image with<br>erlang installed. This would give you a sandbox without<br>limiting what can be done in the Erlang/OTP environment.
<br>It will carry some overhead, though.<br><br>BR,<br>Ulf Wiger<br>--<br>Ulf Wiger<br></blockquote></div><br>