
Assuming this isn't an attempt to mine cryptocurrency on it :), here's what I did:

- Turn the Docker image into a Firecracker VM; I stole the idea from Fly.io [1]. Add all the trimmings like jailer and stuff, and don't give it any network interfaces.

- Run our own shim as PID 0 in the VM, which sets up a bunch of things to make the environment hermetic (time set to 1970, etc.), does some stuff with eBPF to monitor usage by the child process, and also enforces a 1 minute timeout.

- Run the jobs on a parent VM that doesn't otherwise have any privileges.

- Copy images pixel by pixel (for raster images) or remove all the shady parts of an SVG that we don't otherwise trust.

- Other general defense-in-depth stuff, validating request/response sizes, minimal privileges on separate services, private networking throughout.

[1] https://fly.io/blog/docker-without-docker/
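The two pieces of the comment above that are easiest to get wrong in practice are "don't give it any network interfaces" and the guest-side init shim with a hard timeout. The Go program below is an added example of both and is not the commenter's code or Fly.io's: on the host it emits a Firecracker `--config-file` JSON with no `network-interfaces` key and pre-flight checks any config for one, and when the kernel starts it as PID 1 in the guest (boot arg `init=/sbin/shim`, a hypothetical path) it pins the clock to the Unix epoch, runs the job in its own process group under a 60 second limit, and powers the VM off afterwards. The kernel/rootfs paths, the `/job/run.sh` entrypoint and the resource sizes are assumptions; the eBPF accounting and the jailer setup from the comment are out of scope here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"os/exec"
	"syscall"
	"time"
)

// JobTimeout is the hard wall-clock limit the shim enforces on the untrusted job.
const JobTimeout = 60 * time.Second

// Subset of Firecracker's --config-file schema. There is deliberately no
// network-interfaces field: a VM built from this struct has no NIC at all.
type BootSource struct {
	KernelImagePath string `json:"kernel_image_path"`
	BootArgs        string `json:"boot_args"`
}
type Drive struct {
	DriveID      string `json:"drive_id"`
	PathOnHost   string `json:"path_on_host"`
	IsRootDevice bool   `json:"is_root_device"`
	IsReadOnly   bool   `json:"is_read_only"`
}
type MachineConfig struct {
	VcpuCount  int `json:"vcpu_count"`
	MemSizeMib int `json:"mem_size_mib"`
}
type VMConfig struct {
	BootSource    BootSource    `json:"boot-source"`
	Drives        []Drive       `json:"drives"`
	MachineConfig MachineConfig `json:"machine-config"`
}

// NewSandboxConfig builds the config for one throwaway job VM. init=/sbin/shim
// (hypothetical path) makes the kernel start this program as the guest's init.
func NewSandboxConfig(kernel, rootfs string) VMConfig {
	return VMConfig{
		BootSource: BootSource{
			KernelImagePath: kernel,
			BootArgs:        "console=ttyS0 reboot=k panic=1 pci=off ro init=/sbin/shim",
		},
		Drives:        []Drive{{DriveID: "rootfs", PathOnHost: rootfs, IsRootDevice: true, IsReadOnly: true}},
		MachineConfig: MachineConfig{VcpuCount: 1, MemSizeMib: 256},
	}
}

// HasNetworkInterfaces is a host-side pre-flight check on any config JSON, so a
// tap device quietly added to a template is refused before the VM is launched.
func HasNetworkInterfaces(raw []byte) (bool, error) {
	var m map[string]json.RawMessage
	if err := json.Unmarshal(raw, &m); err != nil {
		return false, err
	}
	ifaces, ok := m["network-interfaces"]
	if !ok {
		return false, nil
	}
	var list []json.RawMessage
	if err := json.Unmarshal(ifaces, &list); err != nil {
		return false, err
	}
	return len(list) > 0, nil
}

// RunJob starts argv in its own process group and SIGKILLs the whole group when
// timeout expires, so a job cannot outlive the limit by forking. It returns the
// exit code (-1 when killed by a signal), whether the timeout fired, and any
// error starting the process.
func RunJob(timeout time.Duration, argv ...string) (exitCode int, timedOut bool, err error) {
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
	if err := cmd.Start(); err != nil {
		return -1, false, err
	}
	done := make(chan error, 1)
	go func() { done <- cmd.Wait() }()
	select {
	case err = <-done:
	case <-time.After(timeout):
		timedOut = true
		_ = syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL) // negative pid = process group
		err = <-done
	}
	if err == nil {
		return 0, timedOut, nil
	}
	if ee, ok := err.(*exec.ExitError); ok {
		return ee.ExitCode(), timedOut, nil
	}
	return -1, timedOut, err
}

// runAsInit is the guest-side path: make the environment hermetic, run the job
// once, then power the VM off so nothing survives between jobs.
func runAsInit(argv []string) {
	_ = syscall.Mount("proc", "/proc", "proc", 0, "")    // needed by os/exec
	_ = syscall.Mount("tmpfs", "/tmp", "tmpfs", 0, "")   // scratch; rootfs is ro
	epoch := syscall.NsecToTimeval(0)                    // wall clock = 1970-01-01
	if err := syscall.Settimeofday(&epoch); err != nil { // requires CAP_SYS_TIME (we are PID 1)
		fmt.Fprintln(os.Stderr, "settimeofday:", err)
	}
	code, timedOut, err := RunJob(JobTimeout, argv...)
	fmt.Printf("job exit=%d timed_out=%v err=%v\n", code, timedOut, err)
	_ = syscall.Reboot(syscall.LINUX_REBOOT_CMD_POWER_OFF)
}

func main() {
	if os.Getpid() == 1 {
		runAsInit([]string{"/job/run.sh"}) // hypothetical entrypoint baked into the image
		return
	}
	// Host side: print the config to feed to `firecracker --config-file`.
	raw, _ := json.MarshalIndent(NewSandboxConfig("/srv/vm/vmlinux", "/srv/vm/rootfs.ext4"), "", "  ")
	fmt.Println(string(raw))
}
```

Killing the process group rather than just the child matters because the job is untrusted: `exec.CommandContext` alone only signals the direct child, and a forked grandchild would keep running until the VM is torn down. The guest power-off is what actually bounds the blast radius; the timeout just makes it happen on schedule.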



This seems very comprehensive, thanks for sharing :) I'm working on something similar myself which involves running untrusted user-provided JavaScript... It's a little scary but I'll definitely be taking a closer look into Firecracker. Cheers!



