Website message overhaul
Adam D. Ruppe
destructionator at gmail.com
Mon Nov 14 20:50:54 PST 2011
Vladimir Panteleev wrote:
> How did you do the sandboxing?
I used setrlimit() in a single purpose VM.
Each process was limited in time, memory, files, disk space, etc.,
and then the whole VM was firewalled off, snapshotted, and given
resource limits.
Thus, even if someone got root, it's not a big deal. Worse case
is I'd just reset it and it'd return to a known good state.
For network, what I decided to do was allow most networking
on localhost, but restrict the VM from doing most everything
externally. So, they could play and I *think* it'd be harmless.
More information about the Digitalmars-d
mailing list