如何在受限制的沙箱中运行Java代码(无网络，文件系统访问权限) [英] How to run java code in a restricted sandbox (without network, filesystem access)

问题描述

说一些程序员给了我一个可执行的jar(来自Java代码)以及要使用的入口点.我想在没有网络或文件系统访问权限或数据库访问权限以及固定数量的CPU和内存的受限沙箱环境中从Java代码运行(以编程方式)此jar.也就是说，Java代码不会对在我的jvm上运行的其他程序造成任何副作用.

Say some programmer gives me an executable jar (from Java code) along with the entry point to use. I want to run this jar (programmatically) from Java code in a restricted sandbox environment with no network or filesystem access or database access and a fixed amount of CPU and memory. I.e., the Java code should not cause any side effects on other programs running on the my jvm.

理想情况下，我想根据情况允许某些访问(例如，仅允许访问具有配额的某个目录中的文件).

Ideally I would like to allow certain access based on situation (say for example, only files in a certain directory with quota).

推荐答案

您可以使用策略文件控制环境 http://docs.oracle.com/javase/1.4.2/docs/guide/security/PolicyFiles.html#Examples (

You can control the environment using policy files http://docs.oracle.com/javase/1.4.2/docs/guide/security/PolicyFiles.html#Examples (archived version @archive.org)

您可以先运行然后再运行jar

you could run then run your jar

java -Djava.security.manager -Djava.security.policy =/path/your_policy_file.policy -jar

这篇关于如何在受限制的沙箱中运行Java代码(无网络，文件系统访问权限)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！