top | item 43618374

(no title)

darubramha | 10 months ago

The sandbox is a lightweight Alpine-based container, it runs as a non-root user for security, it has minimal dependencies installed (curl, bash, coreutils)

The container has restricted outbound access—only HTTP/S requests are allowed. It runs inside an isolated network namespace with no access to the host network or other infrastructure components. There's no inbound access, and the container can't receive unsolicited requests from the outside world.

The sandbox container can only communicate with other containers in the same network, the main application container and sandbox container are on the same network, allowing them to communicate.

discuss

ustad|10 months ago

Thanks for the details!

Do you think there could be ways for someone to abuse the network setup you have?

For example, accessing other internet hosts or other containers in the same container network?

What happens when curl gets redirect responses?