Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Most of the sandboxing just comes from using embedded Lua and only whitelisting a small number of functions. We also do a little process-level isolation to prevent runaway processes.


Nice, It would be awesome if one could get full capability of a programming language. I have been planning to build something like this but was stuck because of the sandboxing issue.


You could spawn BSD jails, each subject to cpu, ram and disk quotas.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: