bubblewrap sandbox for insights components.

Project description

Insights Sandbox

Run rules with access only to necessary binaries and the archive working directory.

Strategy

  • Create a sandbox using bubblewrap (bwrap).
    • Enable only required Linux namespaces (see man namespaces for more info).
  • Communicate with the sandbox using zeromq over named pipes.
    • zmq hides underlying buffer details (see man 7 pipe for FIFOs).

Architecture

Client <-> runner adapter proxy <-> named pipes <-> [controller <-> runner adapter <-> runner]

The Client creates named pipes and a child process that uses bwrap to invoke insights_sandbox.consumer.

The client creates a RunnerAdapterProxy and configures it with zmq functions for sending and receiving messages over the pipes. The proxy is used to set up the Runner via the Controller and RunnerAdapter.
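
The strategy above, sketched as an added example (not the project's own code): create the two FIFOs, then build a bwrap command line that unshares a chosen set of namespaces and exposes only read-only system paths, the archive working directory and the pipe directory. The FIFO names, the /work and /pipes mount points, the read-only path list and the bare consumer invocation are assumptions; the package itself must also be importable from one of the bound paths.

```python
import os
import shlex
import tempfile

# Assumption: read-only system paths the consumer needs; the project's list may differ.
RO_PATHS = ("/usr", "/lib", "/lib64", "/bin", "/sbin")
# Namespaces bwrap can unshare by flag (it always creates a new mount namespace).
KNOWN_NS = {"user", "ipc", "pid", "net", "uts", "cgroup"}


def make_pipes(directory):
    """Create one FIFO per direction (hypothetical names), owner-only access."""
    paths = {}
    for name in ("to_sandbox", "from_sandbox"):
        paths[name] = os.path.join(directory, name)
        os.mkfifo(paths[name], 0o600)
    return paths


def bwrap_argv(workdir, pipe_dir, namespaces=("pid", "net", "ipc", "uts"),
               ro_paths=RO_PATHS, exists=os.path.exists):
    """Build a bwrap command exposing only ro_paths, workdir and pipe_dir."""
    unknown = set(namespaces) - KNOWN_NS
    if unknown:
        raise ValueError(f"unknown namespaces: {sorted(unknown)}")
    writable = [os.path.realpath(workdir), os.path.realpath(pipe_dir)]
    for path in writable:
        # A writable bind of / or of a system path would defeat the read-only binds.
        if path == "/" or any(path == r or path.startswith(r + "/") for r in ro_paths):
            raise ValueError(f"refusing writable bind of {path}")
    argv = ["bwrap", "--die-with-parent", "--new-session", "--clearenv",
            "--setenv", "PATH", "/usr/bin:/bin"]
    argv += [f"--unshare-{ns}" for ns in namespaces]
    for path in ro_paths:
        if exists(path):  # e.g. /lib64 is absent on some distributions
            argv += ["--ro-bind", path, path]
    argv += ["--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp",
             "--bind", writable[0], "/work", "--bind", writable[1], "/pipes",
             "--chdir", "/work",
             # Assumption: how the consumer is told about the pipes is not shown here.
             "python3", "-m", "insights_sandbox.consumer"]
    return argv


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as work, tempfile.TemporaryDirectory() as pipes:
        make_pipes(pipes)
        print(shlex.join(bwrap_argv(work, pipes)))
```

The user namespace is left out of the default set because unprivileged user namespaces are not enabled on every distribution; pass it explicitly where they are.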

Installation

CentOS 7:
yum install epel-release
yum install bubblewrap

Fedora:
dnf install epel-release
dnf install bubblewrap

Both:
python3 -m venv .
. bin/activate
pip install -e .[develop]

Test an archive

./driver.py -p examples.rules <archive>

Example Code

#!/usr/bin/env python3
"""
This script is only for testing the sandbox.
"""
import argparse

from insights import dr, parse_plugins
from insights_sandbox.client import Client


def parse_args():
    p = argparse.ArgumentParser()
    p.add_argument("--plugins", "-p", help="plugins to load", default="")
    p.add_argument("archive", help="pass an archive to analyze.")
    return p.parse_args()


def main():
    args = parse_args()
    broker = dr.Broker()
    packages = parse_plugins(args.plugins)
    with Client(packages=packages) as client:
        doc = client.process(args.archive, broker=broker)
        print(doc["results"].decode("utf-8"))


if __name__ == "__main__":
    main()

Source Distribution

insights-sandbox-0.1.0.linux-x86_64.tar.gz (16.0 kB)

Built Distribution

insights_sandbox-0.1.0-py3-none-any.whl (10.9 kB)