How to run java code in a restricted sandbox (without network, filesystem access)

About

Asked 8/2, 2012 at 11:32 Answered 27/7, 2015 at 18:45

Say some programmer gives me an executable jar (from Java code) along with the entry point to use. I want to run this jar (programmatically) from Java code in a restricted sandbox environment with no network or filesystem access or database access and a fixed amount of CPU and memory. I.e., the Java code should not cause any side effects on other programs running on the my jvm.

Ideally I would like to allow certain access based on situation (say for example, only files in a certain directory with quota).

Richmond answered 8/2, 2012 at 11:32 Comment(1)

Did you read this ? #2868247 – Weise 8/2, 2012 at 11:36

IMPORTANT — since Java 17 policy files and security manager have been deprecated and marked for removal. Here is a blog post explaining how to handle sanboxing post security manager.

You can control the environment using policy files http://docs.oracle.com/javase/1.4.2/docs/guide/security/PolicyFiles.html#Examples (archived version @archive.org)

you could run then run your jar

java -Djava.security.manager -Djava.security.policy=/path/your_policy_file.policy -jar

Azov answered 8/2, 2012 at 11:42 Comment(1)

So is it possible to do as follows: run my program with full access and then load the jar programatically with restrictions – Richmond 8/2, 2012 at 18:43

This page describes the process in detail:

(archived) http://web.archive.org/web/20160401020824/http://www.jayway.com/2014/06/13/sandboxing-plugins-in-java/

Wireless answered 27/7, 2015 at 18:45 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags