a restricted code execution framework
Latest commit dd25221 Oct 3, 2016 @codekitchen codekitchen upgrade clojure to 1.8.0
Change-Id: I43813b9663067fec197516ec99f3b6460b8b8baa
Godeps update ubuntu, go and dockerclient Sep 27, 2016
config upgrade clojure to 1.8.0 Jan 16, 2017
deploy support tags other than "latest" Oct 3, 2016
engine
errorlog add sentry error reporting Jul 28, 2015
files/etc/apparmor.d upgrade clojure to 1.8.0 Jan 16, 2017
handlers wait for messages to be written before closing the websocket Dec 17, 2015
languages upgrade clojure to 1.8.0 Jan 16, 2017
public/api
vendor update ubuntu, go and dockerclient Sep 27, 2016
.dockerignore websocket protocol Dec 8, 2015
.gitignore
COPYRIGHT
Dockerfile update ubuntu, go and dockerclient Sep 27, 2016
LICENSE initial commit Sep 12, 2011
README.md publish containers to the public registry Dec 10, 2015
Vagrantfile
build.sh switch ELB to TCP listener Dec 14, 2015
build_ami.sh use cloudformation to set enviornment variables Aug 5, 2015
main.go improve the ws shutdown behavior Dec 11, 2015
run-dev.sh update ubuntu, go and dockerclient Sep 27, 2016
server.go
straitjacket-setup.sh publish containers to the public registry Dec 10, 2015

README.md

StraitJacket 2.0

This web application is a (hopefully) safe and secure remote execution environment framework. It builds on top of Docker and Linux's AppArmor system calls and as such won't be able to run on any other operating system.

The end goal is to be able to run someone else's source code in any (configured) language automatically and not worry about hax.

Design

StraitJacket comes with a number of predetermined AppArmor profiles, and docker containers built for each supported language. When StraitJacket gets an incoming request to run some code, it will launch that container with the AppArmor profile applied.

AppArmor really does all the heavy lifting. For more information please see AppArmor's wiki. A big thanks to Immunix and the subsequent AppArmor team!
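The launch step described above, sketched as an added example (not StraitJacket's own code): it refuses unconfigured languages and fails closed unless the language's AppArmor profile is loaded in enforce mode, then builds the `docker run` arguments that apply it. The image names, profile names, and the use of the docker CLI are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Lang pairs a container image with the AppArmor profile that confines it.
// Every name below is a hypothetical placeholder, not StraitJacket's real config.
type Lang struct{ Image, Profile string }

var configured = map[string]Lang{
	"ruby":    {"example/sj-ruby", "example-sj-ruby"},
	"clojure": {"example/sj-clojure", "example-sj-clojure"},
}

// profileEnforced reports whether name is listed as "(enforce)" in the text of
// /sys/kernel/security/apparmor/profiles, which has one "name (mode)" per line.
func profileEnforced(profiles, name string) bool {
	for _, line := range strings.Split(profiles, "\n") {
		if f := strings.Fields(line); len(f) == 2 && f[0] == name && f[1] == "(enforce)" {
			return true
		}
	}
	return false
}

// RunArgs returns the docker CLI arguments for one execution, or an error if
// the language is not configured or its profile is missing or in complain mode.
func RunArgs(lang, profiles string) ([]string, error) {
	l, ok := configured[lang]
	if !ok {
		return nil, fmt.Errorf("language %q is not configured", lang)
	}
	if !profileEnforced(profiles, l.Profile) {
		return nil, fmt.Errorf("AppArmor profile %q is not loaded in enforce mode", l.Profile)
	}
	return []string{"run", "--rm", "-i", "--security-opt", "apparmor=" + l.Profile, l.Image}, nil
}

func main() {
	// Constructed sample of the kernel's profile list.
	sample := "example-sj-ruby (enforce)\nexample-sj-clojure (complain)\n"
	for _, lang := range []string{"ruby", "clojure", "perl"} {
		args, err := RunArgs(lang, sample)
		fmt.Println(lang, args, err)
	}
}
```

A profile left in complain mode only logs violations, so treating it as absent keeps a half-finished profile change from silently running code unconfined.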

API

The API has two calls:

GET /info
POST /execute

There is also a more advanced websocket API at GET /executews.

You can view the API documentation directly from GitHub at http://petstore.swagger.io/?url=https://raw.githubusercontent.com/instructure/straitjacket/master/public/api/2015-07-14.yml, though you'll need to spin up an instance of StraitJacket to actually perform API calls from that page.

Installation

Development

There is a Vagrantfile provided for developing StraitJacket. Run vagrant up to build the image.

To run StraitJacket locally for development, SSH into the VM with vagrant ssh and run:

cd straitjacket
sudo ./straitjacket-setup.sh
./run-dev.sh

This will listen on port 8081, which is forwarded to the host machine.

You'll need to re-run straitjacket-setup.sh any time you add or modify a language's AppArmor profile or Docker image. New Docker images need to be added there, as well.

To run the language tests (sanity checks) defined in the config .yml files, run:

./run-dev.sh --test

AMI

You can build an AWS AMI using Packer by calling the build_ami.sh build script. You'll need to modify packer.json for your VPC and subnet IDs.

A pre-built AMI may be made public later.

License

StraitJacket is released under the AGPLv3. Please see COPYRIGHT and LICENSE.