ditch sandboxes for docker
DESCRIPTION
Replace sandboxes with Docker, using expendable containers to let untrusted users execute whatever they want without putting anything at risk
TRANSCRIPT
LESSONS IN HUBRIS
WHAT IS DOCKER?
• That awesome-looking whale we just saw
• The Linux container engine (lightweight VMs)
• Git (and, sort of, GitHub) for deployment
LIFE BEFORE DOCKER
• Install the right version of Java after four tries
• Download the leiningen script, run it
• Remember that you forgot to chmod +x it
• Run the leiningen script again
• Clone the project repo
• Follow the README, apt-get some stuff, copy some things
• Run the program
LIFE WITH DOCKER
DOCKER IMAGES
BUILD ON EXISTING IMAGES
BUT WHAT CAN IT DO?
ENTER LAZUBOT
SANDBOXED EXECUTION
SANDBOXES ARE LAME
• Executor cannot break the Zulip bot or access our secret
• Executor cannot access the Internet
• File system changes to the executor container are fine
• If the executor gets out of control, the master kills it
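The four properties above, mapped to a `docker run` invocation and a master-side timeout. This is an added example, not Lazubot's own code. The image name, the resource limits and the capability/privilege flags are assumptions that go beyond what the slides state.

```python
import subprocess
import uuid

# Assumption: hypothetical image whose entrypoint evaluates the Clojure
# form passed as its single argument. Not Lazubot's real image name.
EXECUTOR_IMAGE = "example/clj-executor"


def executor_argv(code, name, image=EXECUTOR_IMAGE):
    """Build the `docker run` command line for one throwaway executor."""
    return [
        "docker", "run",
        "--rm",               # file system changes are discarded on exit
        "--name", name,       # known name so the master can kill it
        "--network", "none",  # loopback only: no Internet access
        # No -v mounts and no -e variables: nothing of the master's
        # (bot credentials, its file system) is shared with the executor.
        "--memory", "256m",   # constructed limits, tune for your workload
        "--pids-limit", "64",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        image,
        code,                 # passed as one argv element, never via a shell
    ]


def run_untrusted(code, timeout=10):
    """Run code in an executor; kill the container if it overruns.

    Returns (exit_code, stdout), or (None, "") when the executor was killed.
    """
    name = "exec-" + uuid.uuid4().hex[:12]
    try:
        proc = subprocess.run(
            executor_argv(code, name),
            capture_output=True, text=True, timeout=timeout,
        )
        return proc.returncode, proc.stdout
    except subprocess.TimeoutExpired:
        # The timeout only kills the docker CLI client; the container
        # keeps running until the daemon is told to kill it.
        subprocess.run(["docker", "kill", name], capture_output=True)
        return None, ""
```

The explicit `docker kill` matters: terminating the `docker run` client does not stop the container it started.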
I PROMISED YOU HUBRIS
DOCKER IN YO DOCKER
• Host runs Ubuntu
• Lazubot runs in a Docker container
• Lazubot creates child containers that execute arbitrary Clojure code
[Diagram, built up across slides; labels: Host, Master, Exec, Exec]
REWARD!
LESSONS IN HUBRIS