@KitRedgrave @catoutofbed @not_on_pizza it is; I use Docker in CI for pretty much this reason

unfortunately, the heft of those images makes it really inconvenient and sometimes useless for some applications. like right now I have a problem where I want to sandbox youtube-dl, but doing so via a docker image is out of the question -- the image would be bigger than the app calling youtube-dl
@ninjawedding were you using something like busybox? Is that still too big?
@Gaelan I haven't yet tried Alpine or Busybox, but even if that ends up being an acceptable size I still don't think I can use Docker as a sandboxing mechanism.

this application I'm talking about also runs on Windows and macOS, and while you can run Docker on those platforms, it's really aimed at software developers, not computer users as a whole
@ninjawedding Ah yeah. Linux VM on macOS might be a *bit* overkill :)
@Gaelan I've been looking for a cross-platform process spawning + sandboxing library -- something that supports Windows, macOS and Linux is my initial goal; support for FreeBSD would be good too but not required out of the gate

I know about gaol, which seems like a good start for Rust applications; however, outside of that it seems like the answer is "go study Chromium and Gecko code, https://www.youtube.com/watch?v=gjVmeKWOsEU"

it's a bit daunting; I have to remind myself that those sandboxes are the result of years of iteration