You've just described Sandstorm. Sandstorm runs instances (called grains) of applications in a sandbox. The application gets a limited file system and a Cap'n Proto RPC connection to the outside world over a unix socket. Sandstorm runs the HTTPS server, which turns requests into RPC calls. Sandstorm authenticates the users and provides temporary subdomains and frames to sandbox the HTML side of it.https://sandstorm.io/
ranger_danger|2 years ago