Linux中的安全Python环境 [英] Safe Python Environment in Linux

问题描述

是否可以创建一种环境来在Linux下安全地运行任意Python脚本?这些脚本应该是从不受信任的人那里收到的，可能太大了，无法手动检查它们.

Is it possible to create an environment to safely run arbitrary Python scripts under Linux? Those scripts are supposed to be received from untrusted people and may be too large to check them manually.

一种非常强力的解决方案是创建虚拟机，并在每次启动不受信任的脚本后恢复其初始状态. (太贵了.)

A very brute-force solution is to create a virtual machine and restore its initial state after every launch of an untrusted script. (Too expensive.)

我想知道是否有可能限制Python访问文件系统以及与其他程序进行交互等等.

I wonder if it's possible to restrict Python from accessing the file system and interacting with other programs and so on.

推荐答案

考虑使用chroot监狱.这不仅非常安全，得到良好的支持和测试，而且还适用于您从python运行的外部应用程序.

Consider using a chroot jail. Not only is this very secure, well-supported and tested but it also applies to external applications you run from python.

这篇关于Linux中的安全Python环境的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！