Post AYVKgzjrsvSdCDmkBE by thadguidry@mastodon.social
 (DIR) More posts by thadguidry@mastodon.social
 (DIR) Post #AYUroHKE04Ql5zuaDQ by vrandecic@mas.to
       2023-08-07T09:09:36Z
       
       0 likes, 0 repeats
       
       Hey @simon  - I just stumbled upon https://til.simonwillison.net/webassembly/python-in-a-wasm-sandbox but then a few months later in https://til.simonwillison.net/deno/pyodide-sandbox you say you still are looking for a solution for the problem of sandboxing Python. I am super curious, why did you discard the first approach? It seemed promising, and you seemed to have gotten it to work. I would be thankful for an answer.
       
 (DIR) Post #AYUroI7r1Y85Zv8DZY by simon@fedi.simonwillison.net
       2023-08-07T19:13:59Z
       
       0 likes, 0 repeats
       
       @vrandecic I'm interested in as many options for sandboxing as possibleWASM is a good lead but it rules out a bunch of Python libraries that aren't available in WASM shape yet
       
 (DIR) Post #AYUvbCpLoOb3CJUbMO by vrandecic@mas.to
       2023-08-07T19:58:44Z
       
       0 likes, 0 repeats
       
       @simon ah, yes. Every python library with C code needs to be compiled to Wasm first.
       
 (DIR) Post #AYVKgzjrsvSdCDmkBE by thadguidry@mastodon.social
       2023-08-07T23:11:58Z
       
       0 likes, 0 repeats
       
       @vrandecic @simon would not a JVM virtual machine like GraalPy help perhaps with a sandbox policy?  Probably could ask the Graal experts https://www.graalvm.org/latest/security-guide/polyglot-sandbox/
       
 (DIR) Post #AYVKh0feQ5gK5QotFI by simon@fedi.simonwillison.net
       2023-08-08T00:40:04Z
       
       0 likes, 0 repeats
       
       @thadguidry @vrandecic oh wow, I hadn't thought to look at the Java ecosystem - the thing I most want is robust restrictions on the amount of memory and CPU used, and it looks like that is supported there