Let's say I would like to let the user upload some Python or bash script, execute it in Cloud Run and get the result back. To do this I would create a Cloud Run service with a service account that has no permissions to access project resources. I would also run the script within a nested container so the user cannot interfere with the server code and manipulate consecutive requests from other users.
How would I make gvisor runsc or some other sandbox runtime available within the container running on Cloud Run?
I found some resources mentioning using the privileged flag on the original container, but that is not possible with Cloud Run. Also, I cannot find any information on how to run rootless containers with runsc. Let me know if I am on the right track, if this is even possible with Cloud Run, or whether I should use another service.
Thank you.
Currently Cloud Run (fully managed) itself runs on a gVisor sandbox, so its support for the low-level Linux APIs needed to create further container environments using cgroups or Linux namespace APIs is probably not going to be possible.
However, since gVisor is technically a user-space sandboxing technology (though I'm not sure what level of privileges it requires), you might be able to run a gVisor sandbox inside gVisor, though I would not hold my hopes high as it's probably not designed for that. I'm guessing that the gVisor sandbox does not provide ptrace capabilities for nested sandboxes to work, though you can probably ask this on gVisor's own GitHub repository.
For a use case like this, I recommend checking out Cloud Run for Anthos on GKE, it's a similar developer experience to Cloud Run, but runs your applications on GKE nodes (which are GCE VMs) which have full Linux system call suite available to them. Since Kubernetes podspec is available there, you can actually create privileged containers, and run VMs inside them etc.
Usually containers themselves are supposed to be the sandbox, so attempting to create further sandboxes (like you asked earlier) is going to be a lot of platform-dependent work, even if you can get it running somehow.
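As an added illustration of the GKE route suggested in the answer above (this is example configuration, not code from the question or the answer), the manifest below runs one uploaded script under gVisor by selecting a RuntimeClass rather than by creating a privileged container. It assumes the cluster already has a RuntimeClass named `gvisor` (the name GKE Sandbox registers), and `example.com/script-runner:latest` is a placeholder image assumed to contain python3 and bash.

```yaml
# Added example, not from the question or answer. Assumes a RuntimeClass
# named "gvisor" exists on the cluster and that example.com/script-runner
# is a placeholder image with python3 and bash installed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: user-script            # the uploaded script (constructed sample)
data:
  script.py: |
    print("hello from the sandbox")
---
apiVersion: v1
kind: Pod
metadata:
  name: user-script-run
spec:
  runtimeClassName: gvisor             # syscalls served by runsc, not the node kernel
  automountServiceAccountToken: false  # no cluster credentials inside the sandbox
  restartPolicy: Never
  securityContext:
    runAsNonRoot: true
    runAsUser: 65534
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: runner
    image: example.com/script-runner:latest
    command: ["/bin/bash", "-c", "timeout 30s python3 /work/script.py"]
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true     # script can only write to /tmp below
      capabilities:
        drop: ["ALL"]
    resources:
      limits:                          # bound CPU/memory per user run
        cpu: "500m"
        memory: "256Mi"
    volumeMounts:
    - name: work
      mountPath: /work
    - name: tmp
      mountPath: /tmp
  volumes:
  - name: work
    configMap:
      name: user-script
  - name: tmp
    emptyDir: {}
```

A front-end service would create the ConfigMap from the uploaded file and one such Pod per request, then collect the result from the Pod's logs once it completes.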