For now, we have a sandboxed server that we can hit up from outside the sandbox with code and it will return a serialized walker object. e.g.
- receive Python encodings for Walkers as strings,
- generate the Walker in the sandboxed server,
- return the serialized walker to the caller.
Evaluation can in principle be done outside of the sandbox since the arbitrary code is only used for generating walklers, which are then safe.
- Install gVisor
- Make sure you have docker installed
pip install --user pipenv
for package managementpipenv shell
pipenv install
sudo runsc install
- Start docker -
service docker start
- Run
scripts/build.sh
whenever you make changes to server code. - Run
scripts/launch.sh
to launch the server in a sandboxed container.