* Landlock support landed into Emilua
@ 2023-12-04 11:55 Vinícius dos Santos Oliveira
2023-12-05 6:09 ` Günther Noack
0 siblings, 1 reply; 3+ messages in thread
From: Vinícius dos Santos Oliveira @ 2023-12-04 11:55 UTC (permalink / raw)
To: landlock
Emilua 0.5.0 was released with Landlock support:
https://docs.emilua.org/api/0.5/changelog.html
Emilua is an execution engine with support for async IO for LuaJIT. It
allows the creation of concurrent Lua programs. It also supports
running separate Lua VMs for extracting parallelism.
Starting from the previous version, it added the ability to spawn Lua
VMs in their own processes isolated in their own Linux namespaces for
sandboxing purposes. However Linux namespaces are too convoluted and
it became clear how inappropriate they really are to just create
sandboxes.
Starting from the just newly released version, Landlock and Capsicum
were added as alternatives to Linux namespaces.
--
Vinícius dos Santos Oliveira
https://vinipsmaker.github.io/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Landlock support landed into Emilua
2023-12-04 11:55 Landlock support landed into Emilua Vinícius dos Santos Oliveira
@ 2023-12-05 6:09 ` Günther Noack
2023-12-09 12:02 ` Vinícius dos Santos Oliveira
0 siblings, 1 reply; 3+ messages in thread
From: Günther Noack @ 2023-12-05 6:09 UTC (permalink / raw)
To: Vinícius dos Santos Oliveira; +Cc: landlock
Hello Vinícius,
On Mon, Dec 04, 2023 at 08:55:41AM -0300, Vinícius dos Santos Oliveira wrote:
> Emilua 0.5.0 was released with Landlock support:
> https://docs.emilua.org/api/0.5/changelog.html
>
> Emilua is an execution engine with support for async IO for LuaJIT. It
> allows the creation of concurrent Lua programs. It also supports
> running separate Lua VMs for extracting parallelism.
>
> Starting from the previous version, it added the ability to spawn Lua
> VMs in their own processes isolated in their own Linux namespaces for
> sandboxing purposes. However Linux namespaces are too convoluted and
> it became clear how inappropriate they really are to just create
> sandboxes.
>
> Starting from the just newly released version, Landlock and Capsicum
> were added as alternatives to Linux namespaces.
This looks great, thanks for sharing!
I am not very proficient in Lua, but I a appreciate your well-written
introduction into sandboxing in your documentation (and also that you
are quoting Xkcd 1200 ;-))
Please do not hold back feedback if you run into any surprises or
questions!
–Günther
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Landlock support landed into Emilua
2023-12-05 6:09 ` Günther Noack
@ 2023-12-09 12:02 ` Vinícius dos Santos Oliveira
0 siblings, 0 replies; 3+ messages in thread
From: Vinícius dos Santos Oliveira @ 2023-12-09 12:02 UTC (permalink / raw)
To: Günther Noack; +Cc: landlock
Em ter., 5 de dez. de 2023 às 03:09, Günther Noack
<gnoack3000@gmail.com> escreveu:
> Please do not hold back feedback if you run into any surprises or
> questions!
I'm just waiting for the ability to have more isolation so I can use
it in serious applications.
So far the API has been looking good, and I liked seeing Capsicum
plans in the roadmap.
--
Vinícius dos Santos Oliveira
https://vinipsmaker.github.io/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-12-09 12:02 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-04 11:55 Landlock support landed into Emilua Vinícius dos Santos Oliveira
2023-12-05 6:09 ` Günther Noack
2023-12-09 12:02 ` Vinícius dos Santos Oliveira
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.