I wanted to build an Elixir application that can run Elixir code provided by users and return the results. Maintaining security is critical for an application like this, since I could be running some evil codes written by diabolical mastermind residing in the scary trench of Internet. I’ve never done something like this before, so I had to research extensively for a good solution.
Unfortunately there does not seem to be a perfect solution, as always. After considering tradeoffs, I chose to settle for Docker container with some security options. I think it’s a reasonably secure and reasonably performant option for my use case. This blog post is a journal of what I’ve learned while building the application.
I am by no means an expert in this matter, so read this as not as a survey of technology but as a personal journal. I do welcome correction and additional resources to better my understanding. And if you want an overview of sandboxing technology landscape, I recommend Sandboxing landscape by Marek (@majek04). It’s a broad, up-to-date, and also well-written article as much as I can tell.