Python wrapper for Google's nsjail sandboxing tool

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for teaguesterling from gravatar.com teaguesterling

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags container , isolation , nsjail , sandbox , security
  • Requires: Python >=3.12
  • Provides-Extra: dev , proto
Classifiers
Report project as malware

Project description

nsjail-python

Python wrapper for Google's nsjail sandboxing tool

PyPI Python Version License: MIT

Installation

pip install nsjail-python

Optional extras:

pip install nsjail-python[proto]   # Enable protobuf validation
pip install nsjail-python[system]  # Use system-provided nsjail
pip install nsjail-python[build]   # Build nsjail from source

Quick Start

Low-level: NsJailConfig dataclass

from nsjail import NsJailConfig, MountPt, Exe

cfg = NsJailConfig(
    hostname="sandbox",
    time_limit=30,
    mount=[MountPt(src="/", dst="/", is_bind=True, rw=False)],
    exec_bin=Exe(path="/bin/sh", arg=["-c", "echo hello"]),
)

Mid-level: sandbox() preset

from nsjail import sandbox

cfg = sandbox(
    command=["python", "script.py"],
    memory_mb=512,
    timeout_sec=60,
    writable_dirs=["/workspace", "/tmp"],
)

High-level: Jail() fluent builder

from nsjail import Jail

cfg = (
    Jail()
    .sh("pytest tests/ -v")
    .memory(512, "MB")
    .timeout(60)
    .readonly_root()
    .writable("/workspace")
    .writable("/tmp", tmpfs=True, size="64M")
    .no_network()
    .build()
)

Serialization

from nsjail.serializers import to_textproto, to_cli_args, to_file

# Protobuf text format (for --config flag)
print(to_textproto(cfg))

# CLI arguments
args = to_cli_args(cfg, on_unsupported="skip")

# Write to file
to_file(cfg, "sandbox.cfg")

Running nsjail

from nsjail import Runner, Jail

runner = Runner(
    base_config=Jail()
        .command("python", "-m", "pytest")
        .memory(512, "MB")
        .timeout(300)
        .readonly_root()
        .writable("/workspace")
        .build(),
)

result = runner.run(extra_args=["tests/unit/", "-x"])
print(result.returncode, result.stdout)

Documentation

Full documentation is available at nsjail-python.readthedocs.io.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for teaguesterling from gravatar.com teaguesterling

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Tags container , isolation , nsjail , sandbox , security
  • Requires: Python >=3.12
  • Provides-Extra: dev , proto
Classifiers

Release history Release notifications | RSS feed

0.5.1

0.4.0

0.3.0

0.2.0

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nsjail_python-0.1.0.tar.gz (68.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nsjail_python-0.1.0-py3-none-any.whl (19.7 kB view details)

Uploaded Python 3

File details

Details for the file nsjail_python-0.1.0.tar.gz.

File metadata

  • Download URL: nsjail_python-0.1.0.tar.gz
  • Upload date:
  • Size: 68.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for nsjail_python-0.1.0.tar.gz
Algorithm Hash digest
SHA256 ae5d9db78275b98df5ceca045d9b5f93a9f3e0d3fb929e9b8cedb735c008e8d6
MD5 23e0a2f439e9c2c3ada42e2ec703a271
BLAKE2b-256 a67585de705611270c1cf3f292af6a3cec06b3620f9d86ad30f1b48d99daf03d

See more details on using hashes here.

Provenance

The following attestation bundles were made for nsjail_python-0.1.0.tar.gz:

Publisher: publish.yml on teaguesterling/nsjail-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file nsjail_python-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: nsjail_python-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 19.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for nsjail_python-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d0ac6899d1bc341b8453485caa6007f8fc6e1f1fb410165197ffdb4d91ff3759
MD5 047e92722dbcbb86ee6d28fca3afd7c8
BLAKE2b-256 10793fe4e43c79d2f09572387189914e6809cd6b0162f9cb39d40784a81d3e0e

See more details on using hashes here.

Provenance

The following attestation bundles were made for nsjail_python-0.1.0-py3-none-any.whl:

Publisher: publish.yml on teaguesterling/nsjail-python

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page