App-EvalServerAdvanced
2 results

 view release on metacpan or  search on metacpan

README.pod  view on Meta::CPAN 


The chroot is accompanied by a private mounted tmpfs filesystem.  This allows a safe writable /tmp that won't be seen by anyone else.
The evaluated code is placed in it's own PID space.  This helps prevent it from sending signals to anything else that might be running.

=item Use of Seccomp

More featureful sandboxing with Seccomp rules.  This helps prevent anything running from issuing any potentially dangerous system calls.

=item Formal network protocol.

You can send multiple requests per connection, and wait on them asynchronously.
This helps enable better scheduling and handling of batch actions, and allows you to cancel inflight requests.
This also allows the cancelling, by the client, of a long running job while it's running.

=back

=head1 USE

You're going to want to review at least the source of L<App::EvalServerAdvanced::Sandbox> and L<App::EvalServerAdvanced::Seccomp>.
These two modules are responsible for most of the security features of the whole system.  Familiarity with them is HIGHLY recommended.

lib/App/EvalServerAdvanced.pm  view on Meta::CPAN 


The chroot is accompanied by a private mounted tmpfs filesystem.  This allows a safe writable /tmp that won't be seen by anyone else.
The evaluated code is placed in it's own PID space.  This helps prevent it from sending signals to anything else that might be running.

=item Use of Seccomp

More featureful sandboxing with Seccomp rules.  This helps prevent anything running from issuing any potentially dangerous system calls.

=item Formal network protocol.

You can send multiple requests per connection, and wait on them asynchronously.
This helps enable better scheduling and handling of batch actions, and allows you to cancel inflight requests.
This also allows the cancelling, by the client, of a long running job while it's running.

=back

=head1 USE

You're going to want to review at least the source of L<App::EvalServerAdvanced::Sandbox> and L<App::EvalServerAdvanced::Seccomp>.
These two modules are responsible for most of the security features of the whole system.  Familiarity with them is HIGHLY recommended.



( run in 0.279 second using v1.01-cache-2.11-cpan-05444aca049 )