It is a great pleasure that my 4 hour hack last night lets me now introduce: Sunaba the perl sandbox environment to run any PSGI/Plack applications.

Since we started the Plack project, it has always been my hope that someday we can port this PSGI interface on the "Cloud" infrastructure like Google AppEngine or Heroku for Ruby Rack applications.

The hardest part to implement that is to create a sandbox perl runtime environment, and fortunately Dan Kogai did the hardest part already. Like an year ago he created this lleval API which runs your code in a sandbox (chroot + FreeBSD ptrace) and Shibuya.pm folks tried to jailbreak it, with some interesting results. You can read the slides how he implemented this sandbox.

I wouldn't say this is completely secure, but it works pretty well - you can't open local files, run arbitrary XS code nor system("rm -fr /"). while(1) would be killed in 1 second timeout. Meanwhile there are some popular modules besides core modules installed such as LWP, YAML and JSON.

My Sunaba application is just a web frontend with Tatsumaki + Twiggy + SQLite, that basically allows you to create and edit applications on the browser, as well as a runner PSGI application that serializes the current PSGI $env and sends it into Dan's box to get the response back.

All the service restrictions apply, and NO WARRANTY. But it's a good playground to toy with the PSGI interface. Well, Sunaba means "sandbox" in Japanese so you can play and make your hands dirty :)

I can think of more enhancements to this, such as minimal/tiny framework support (i wonder what's the source code size limit of Dan's service - maybe 8K or something?) and the ability to install middleware components etc. etc. Also, for now Kogai-san's server is the best I can think of, but theoretically we can run the apps on other sandbox environments such as CodePad or Ideone. The only difference is that Kogai-san is my friend and it's less likely to be banned for the excessive use :)

Frequently Asked Questions