runner-wrapper

command
v1.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Command runner-wrapper is a process sandbox pre-exec helper.

It applies rlimits → env whitelist → chdir → seccomp BPF filter, then exec's the target command. All sandbox isolation converges here.

Usage: 

runner-wrapper \
  --profile=script-runner \
  --max-memory-mb=100 \
  --max-cpu-sec=3 \
  --max-processes=5 \
  --max-file-size-mb=10 \
  --max-open-files=32 \
  --workdir=/tmp/sandbox-xxx \
  --env=LANG,LC_ALL,PATH \
  -- \
  python3 hello.py

The wrapper is self-contained — parent only needs to spawn it. rlimits + seccomp persist across execve to the target.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.