Sandboxed Apps

Quick Question:

Let's say I'm trying to create a system like Docker (of course that's not what I am doing) and wanted to transport container images (completely not what I am doing). I am attempting to create a sandboxed platform that is similar to the Linux distribution of application containers.

Could someone give a quick run through some ideas or instruction on creating a sandboxed environment?

Thanks.

Exactly how "sandboxed" do you want it? Are you talking about file system sandboxing, memory sandboxing, events…?

Le idea:

Run a program kinda like a vm. It has its own little world to work in. Now like in VMWare you can pause machines. Theoretically, I'd like to have a proprietary app running a parallel thread with said vm. I'd like to be able to save a program state (some use of coroutines) be able to turn off a computer, then reimport to resume the operation. All instantiated variables from the prior runtime would be loaded into the global space so that the new running instance of that same program can pickup from where it was paused. All without missing a beat

Theoretically.

You will have to use setfenv() in combination with a modified fs API

Heres my code:

oldfs = fs --first save the old fs
local newfs = {} --create the new fs

redpath = "/anything" --the path you want to use(in your case: "vms/"..name or something like this)
newfs["list"] = function(path) --newfs.list(path) WILL NOT check if a path is given
  if path:sub(1,1) == "/" then -- remove the slash
	path = path:sub(2,#path)
  end
  path = redpath.."/"..path --set the new path(e.g. "/"  -> "vms/MyFirstOne/", for listing in /
  return oldfs.list(path) --doing the list
end
env = { --creating the new envirement, only added print() and write() all other function now have to use term.blablabla() but I think print() and write() are the only ones who are accesable without term.
  fs = newfs, --replace fs
  term = _G, --set the term
  print = _G.print, --print()
  write = _G.write --write()
}
function test() --the function with the modified fs
  list = fs.list("/") --simply lists /
  for i = 1,#list do --and shows it
	print(list[i])
  end
end
setfenv(test, env) --set the new fs
test() --runs the function

Idk why

for i,v in pairs(fs.list) do
  --code
end

doesnt work. But I think you have to use term.pairs, but I am not sure, sorry.

The code just redirects fs.list at the moment but all other function are the same.

Hope i helped

EDIT: 2 things I have to say now:

1.replace

setfenv(test, env)

with

setfenv(test, setmetatable({fs = newfs}, {__index = _G})

2.Theres a problem: if the program or function you run, starts a new program(with shell.run()) this new program will use the normal file system again(If it launches, you have to say shell.run("completepathwithoutredirection") to start it, anyone who knows a fix?

Luca0208, on 20 December 2014 - 03:54 PM said:

for i,v in pairs(fs.list) do
  --code
end

Maybe because you're using it wrong there? :P/>

for i, v in ipairs( fs.list("/") ) do
	-- do something
end

It shouldn't matter if you're using ipairs or pairs in this loop because it returns a table with numeric indexes.