bubblewrap sandbox for insights components.
Project description
Insights Sandbox
Run rules with access only to necessary binaries and the archive working directory.
Strategy
- Create a sandbox using bubblewrap (bwrap).
- Enable only required Linux namespaces (see man namespaces for more info).
- Communicate with the sandbox using zeromq over named pipes.
  - zmq hides underlying buffer details (man 7 pipe for fifos).
Architecture
Client <-> runner adapter proxy <-> named pipes <-> [controller <-> runner adapter <-> runner]
The Client creates named pipes and a child process that uses bwrap to invoke insights_sandbox.consumer. The client creates a RunnerAdapterProxy and configures it with zmq functions for sending and receiving messages over the pipes. The proxy is used to set up the Runner via the Controller and RunnerAdapter.
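An added example, not code from insights-sandbox: one way to assemble a bwrap command line that follows the strategy above, and to audit a command line for options that expose more than the archive working directory. The read-only paths, the namespace set, the working directory and the `python3 -m insights_sandbox.consumer` invocation are assumptions.

```python
# Added example; not the project's code. Paths and namespace choices are assumptions.
RO_PATHS = ("/usr", "/bin", "/lib", "/lib64")        # assumed "necessary binaries"
NAMESPACES = ("user", "pid", "net", "ipc", "uts")    # assumed "required" namespaces
WRITABLE_OPTS = ("--bind", "--dev-bind")              # bwrap options: SRC DEST, writable


def build_bwrap_argv(workdir, command, ro_paths=RO_PATHS, namespaces=NAMESPACES):
    """Build a bwrap argv: ro_paths read-only, workdir read-write, nothing else."""
    argv = ["bwrap", "--die-with-parent", "--new-session"]
    argv += [f"--unshare-{ns}" for ns in namespaces]
    for path in ro_paths:
        argv += ["--ro-bind", path, path]
    argv += ["--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp"]
    argv += ["--bind", workdir, workdir, "--chdir", workdir, "--"]
    return argv + list(command)


def audit_bwrap_argv(argv, workdir, required=("pid", "net", "ipc")):
    """Return findings for options that weaken the isolation described above."""
    opts = argv[:argv.index("--")] if "--" in argv else list(argv)
    findings = []
    for ns in required:
        if f"--unshare-{ns}" not in opts and "--unshare-all" not in opts:
            findings.append(f"namespace not unshared: {ns}")
    if "--share-net" in opts:
        findings.append("host network shared")
    root = workdir.rstrip("/")
    i = 0
    while i < len(opts):
        # Writable bind options are followed by SRC and DEST.
        if opts[i] in WRITABLE_OPTS and i + 2 < len(opts):
            src = opts[i + 1]
            if src != root and not src.startswith(root + "/"):
                findings.append(f"writable bind outside workdir: {src}")
            i += 3
        else:
            i += 1
    return findings


if __name__ == "__main__":
    # Constructed sample values.
    work = "/var/tmp/archive-work"
    argv = build_bwrap_argv(work, ["python3", "-m", "insights_sandbox.consumer"])
    print(" ".join(argv))
    print(audit_bwrap_argv(argv, work))
```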
Installation
CentOS 7:
yum install epel-release
yum install bubblewrap
Fedora:
dnf install epel-release
dnf install bubblewrap
Both:
python3 -m venv .
. bin/activate
pip install -e .[develop]
Test an archive
./driver.py -p examples.rules <archive>
Example Code
    #!/usr/bin/env python3
    """
    This script is only for testing the sandbox.
    """
    import argparse

    from insights import dr, parse_plugins
    from insights_sandbox.client import Client


    def parse_args():
        p = argparse.ArgumentParser()
        p.add_argument("--plugins", "-p", help="plugins to load", default="")
        p.add_argument("archive", help="pass an archive to analyze.")
        return p.parse_args()


    def main():
        args = parse_args()
        broker = dr.Broker()
        packages = parse_plugins(args.plugins)

        # The Client context manager sets up the sandbox and tears it down on exit.
        with Client(packages=packages) as client:
            doc = client.process(args.archive, broker=broker)
            # Results come back from the sandbox as bytes.
            print(doc["results"].decode("utf-8"))


    if __name__ == "__main__":
        main()
File details
Details for the file insights-sandbox-0.1.0.linux-x86_64.tar.gz.
File metadata
- Download URL: insights-sandbox-0.1.0.linux-x86_64.tar.gz
- Upload date:
- Size: 16.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.7.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | f4bbd414540b16938f2675cd31f08c3a1fac1f4c31f2bf09831665793febd715
MD5 | 0a324e68c85b60e37a5ffea5f743651d
BLAKE2b-256 | 878f0d59f3c3bca89d430838ac3a64388682b2441010de7696d407fbbdcbd44a
File details
Details for the file insights_sandbox-0.1.0-py3-none-any.whl.
File metadata
- Download URL: insights_sandbox-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.48.0 CPython/3.7.7
File hashes
Algorithm | Hash digest
---|---
SHA256 | c77725687544587ad09486de035d61aee67bb5eb6a99415c82c71bac80b772f2
MD5 | ad7295abbe0db8fc6ee77ed0bf9d04a8
BLAKE2b-256 | f23332f439f6e3dd37d36e4b8789852f869bd3ec3c13033c4f7e45aa83791e5b