Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to run java code in a restricted sandbox (without network, filesystem access)

Tags:

java

sandbox

Say some programmer gives me an executable jar (from Java code) along with the entry point to use. I want to run this jar (programmatically) from Java code in a restricted sandbox environment with no network or filesystem access or database access and a fixed amount of CPU and memory. I.e., the Java code should not cause any side effects on other programs running on the my jvm.

Ideally I would like to allow certain access based on situation (say for example, only files in a certain directory with quota).

like image 751
Jus12 Avatar asked Feb 08 '12 11:02

Jus12


2 Answers

You can control the environment using policy files http://docs.oracle.com/javase/1.4.2/docs/guide/security/PolicyFiles.html#Examples (archived version @archive.org)

you could run then run your jar

java -Djava.security.manager -Djava.security.policy=/path/your_policy_file.policy -jar

like image 178
gt5050 Avatar answered Nov 04 '22 20:11

gt5050


This page describes the process in detail:

http://www.jayway.com/2014/06/13/sandboxing-plugins-in-java/

like image 24
codecodewut Avatar answered Nov 04 '22 19:11

codecodewut