Skip to content

Question about GraalVM sandboxing features #3699

Answered by matneu
fabrice-ducos asked this question in Q&A
Discussion options

You must be logged in to vote

Hi Fabrice,

Wrt. to question 1: yes, this is definitely a use case we plan to support with GraalVM sandboxing features. As a matter of fact we already do that - if you go through the allow* methods in Context.Builder you can see that restricting filesystem access via a virtualized FS as well as disallowing creation of threads/processes is already supported.
Further, the enterprise resource limits allow you to put a cap on resources such as CPU time.

Wrt. to question 2: it is correct that at this point in time only Javascript fully supports restricting access entirely. Other language implementations still use native code e.g. for accessing files, but the plan is to move to managed code her…

Replies: 1 comment 1 reply

Comment options

You must be logged in to vote
1 reply
@fabrice-ducos
Comment options

Answer selected by fabrice-ducos
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants