321 posts
Location
Melbourne, Australia
Posted 11 November 2013 - 04:15 AM
Is there any way to create a completely isolated environment inside the default shell?
E.g.
Restricted file system
Different loaded APIs
Restricted peripherals
Etc.
Edit: Also, not affecting the host program
Edited on 11 November 2013 - 05:29 AM
331 posts
Posted 11 November 2013 - 05:08 AM
Solution 1.
Well, you would probably want to create an environment that modifies default functions, e.g.
env = {fs = nil} --# disables fs API; do so until all APIs you want blocked are modified
and then you would want to override os.run like so
local run = os.run
os.run = function(enviroment, path, ...)
  --# the caller's environment is ignored on purpose; hand run's result back to the caller
  return run(env, path, ...)
end
Now that should overwrite os.run (used to run programs) to use your environment, but note that all programs will share this environment.
Solution 2.
Instead of doing this you could modify those functions directly in _G (which all programs have access to).
Edited on 11 November 2013 - 04:09 AM
758 posts
Location
Budapest, Hungary
Posted 11 November 2013 - 07:15 AM
Another one: load the file manually and set its environment to some custom table:
local pfunc = loadfile(path)
setfenv(pfunc, _G) -- something like this
pcall(pfunc --[[arguments]])
13 posts
Location
USA, duh!
Posted 23 November 2013 - 08:02 PM
VMs? <_>
Try this untested code:
fs.makeDir(".sandbox")
term.clear()
term.setCursorPos(1, 1)
print( os.version() ) -- Print the CraftOS version.
print("VM loaded.")
function restrictAPI(api)
env = {api = nil} -- copied from few posts above.
end
-- Sandbox code below.
shell.setDir(".sandbox")
-- Untested code below
env = {shell.setDir = nil}
8543 posts
Posted 23 November 2013 - 08:44 PM
Not even remotely close to being sandboxing.
331 posts
Posted 26 November 2013 - 04:32 AM
From post above lyqyd
Try this untested code:
fs.makeDir(".sandbox") --# okay make a directory
term.clear()
term.setCursorPos(1, 1) --# clear screen and set cursor to 1,1
print( os.version() ) -- Print the CraftOS version.
print("VM loaded.")
function restrictAPI(api) --# create a function
env = {api = nil} -- copied from few posts above. my Comment > creates a table called env with api evaluating to nil, this is never used and is just a table taking up space
end
-- Sandbox code below.
shell.setDir(".sandbox") --# set the directory
-- Untested code below
env = {shell.setDir = nil} --# create another random table called env
301 posts
Location
Whenever, Wherever!
Posted 26 November 2013 - 05:35 PM
From post above lyqyd
Try this untested code:
*snip*
Erm, nope.
You'd have to override the FS api. Take a look at chrootapi:
http://pastebin.com/hMT7NYiQ
I've used this to try and break silent viruses and in my Quartz OS.
Edited on 26 November 2013 - 04:37 PM
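Added example, not part of the post above and not the pastebin code: one way an fs override of the kind described can confine every path to a jail directory. The names confine and jailedFs are hypothetical; the wrapped function names are ComputerCraft's fs API, and the stub at the bottom is a constructed stand-in so the block also runs in stock Lua 5.1.

```lua
-- Normalise `path` and re-root it under `root`. ".." pops a segment but can
-- never climb above the jail root; absolute paths are treated as jail-relative.
local function confine(root, path)
  local parts = {}
  for seg in tostring(path):gmatch("[^/\\]+") do
    if seg == ".." then
      table.remove(parts)            -- no-op once the list is empty
    elseif seg ~= "." then
      parts[#parts + 1] = seg
    end
  end
  if #parts == 0 then return root end
  return root .. "/" .. table.concat(parts, "/")
end

-- Return a table with the same call shape as fs whose every path argument is
-- confined. Hand this to the sandboxed program in place of the real fs.
local function jailedFs(realFs, root)
  local jail = {}
  for _, name in ipairs({ "list", "exists", "isDir", "isReadOnly", "getSize",
                          "makeDir", "delete", "open" }) do
    jail[name] = function(path, ...)
      return realFs[name](confine(root, path), ...)
    end
  end
  for _, name in ipairs({ "move", "copy" }) do   -- both arguments are paths
    jail[name] = function(from, to)
      return realFs[name](confine(root, from), confine(root, to))
    end
  end
  return jail
end

-- Constructed stand-in for fs: every function records the arguments it got.
local seen
local stub = setmetatable({}, { __index = function()
  return function(...) seen = table.concat({ ... }, " -> ") return true end
end })

local jail = jailedFs(stub, ".sandbox")
jail.delete("../../startup");         assert(seen == ".sandbox/startup")
jail.open("/rom/../..//secret", "r"); assert(seen == ".sandbox/secret -> r")
jail.move("a/./b", "../c");           assert(seen == ".sandbox/a/b -> .sandbox/c")
jail.list("..");                      assert(seen == ".sandbox")
```

The wrapper only helps if the sandboxed program receives jail as its fs and has no other route to the real table, for example through _G.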
13 posts
Location
USA, duh!
Posted 27 November 2013 - 10:55 AM
Not even remotely close to being sandboxing.
I'm not too good at coding, so I would suggest trying to use rednet for sandboxing. You could have a client which can access the server which makes the VMs. The server will have modified APIs so programs cannot edit outside the VM's directory. Each VM is locked with a password, to prevent other users from tampering with other people's VMs. The data sent over rednet is encrypted, and is NOT broadcast. It is instead sent to ONLY the server ID. The data of the VM is sent back and forth over rednet, and is encrypted, and is not broadcast.
331 posts
Posted 27 November 2013 - 03:41 PM
Wow, that's a good idea if someone was to implement it, since the server would practically run everything and nothing really harmful could be done to the client.
758 posts
Location
Budapest, Hungary
Posted 27 November 2013 - 04:20 PM
-snip-
It doesn't matter if you want to broadcast the message or not, since the new modem system will broadcast it anyway. Some messing with the modem API, and you can find out what computer A sent to computer B without touching any of them, and you can even make computer A believe that computer B sent something.
This is what I mean.
7083 posts
Location
Tasmania (AU)
Posted 27 November 2013 - 05:02 PM
rednet.send(1, "stuff here")
modem.open(1)
event, side, recepientID, senderID, message = os.pullEvent("modem_message")
modem.transmit(senderID, recepientID, "I'm replying to that message I intercepted while pretending to be computer 1!")
13 posts
Location
USA, duh!
Posted 27 November 2013 - 08:37 PM
Random thing, but would it be possible to disable _G?
My code:
env1 = { _G = nil }
331 posts
Posted 27 November 2013 - 11:30 PM
1. Disabling _G is possible but will turn the computer off immediately
2. People can just change an environment like
env ={}
Edited on 27 November 2013 - 10:31 PM
13 posts
Location
USA, duh!
Posted 28 November 2013 - 07:24 AM
1. Disabling _G is possible but will turn the computer off immediately
2. People can just change an environment like
env ={}
I'm trying to make an antivirus which disables _G with certain programs with an anti-exploit.
331 posts
Posted 30 November 2013 - 01:13 AM
DO NOT DISABLE _G
Read this:
http://www.lua.org/pil/14.3.html
I suggest you learn environments better (I don't claim to know them that well either), but what I would suggest is an environment that simply does not have access to _G, but without basic functions that nearly every program depends on (e.g. print) the computer will shut down with no warning or error message (since it cannot print).
Maybe a solution is this:
f = fs.open(filename,"r")
content = f.readAll()
f.close()
env = {print = _G.print} -- etc.
program,err = loadstring(content)
if program then
setfenv(program,env)
program()
else
print(err)
error()
end
PM me if you need help with this, I'll be glad to help you out.
Edited on 30 November 2013 - 12:26 AM
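Added example, not part of the post above: the whitelist-environment approach carried a little further for Lua 5.1 (setfenv and loadstring), with private copies of the library tables, errors caught by the host, and a contrast case showing what happens when an environment falls back to _G. The names copy, makeEnv and runSandboxed are hypothetical, the sample programs are constructed, and os stands in for fs so the block also runs outside ComputerCraft.

```lua
local function copy(t)               -- private copy of a library table
  local c = {}
  for k, v in pairs(t) do c[k] = v end
  return c
end

-- Explicit whitelist: no __index fallback to _G, and getfenv, setfenv,
-- loadstring, rawset and getmetatable are deliberately left out.
local function makeEnv()
  local env = {
    print = print, pairs = pairs, ipairs = ipairs, type = type,
    tostring = tostring, tonumber = tonumber, select = select,
    unpack = unpack, pcall = pcall, error = error,
    string = copy(string), table = copy(table), math = copy(math),
  }
  env._G = env                       -- "_G" inside the sandbox is the sandbox
  return env
end

-- Compile `source`, bind it to a fresh whitelist and run it under pcall.
local function runSandboxed(source, name)
  if source:sub(1, 1) == "\27" then  -- precompiled chunk, refuse it
    return false, "bytecode rejected"
  end
  local chunk, err = loadstring(source, name)
  if not chunk then return false, err end
  setfenv(chunk, makeEnv())
  return pcall(chunk)
end

-- Names that were not whitelisted simply do not exist for the program.
local ok, a, b = runSandboxed("return type(os), type(getfenv)", "probe")
assert(ok and a == "nil" and b == "nil")

-- Writes from inside land in the throwaway environment, not in the host.
assert(runSandboxed("print = nil; string.rep = nil; _G.type = nil", "vandal"))
assert(type(print) == "function" and type(string.rep) == "function")

-- Touching something that is not whitelisted is an error the host can catch.
assert(not runSandboxed("return os.time()", "escape"))

-- Contrast: a key set to nil is just an absent key, so an environment that
-- falls back to _G still resolves it.
local leaky = setmetatable({ os = nil }, { __index = _G })
assert(leaky.os == os)
```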