Hashicorp has go-plugin: https://github.com/hashicorp/go-plugin. It does similar with support for net/rpc and grpc. With grpc, you could have the external process in Python. Unix domain sockets and TCP are supported. The framework handles spawning the process and managing it.
It is used extensively within hashicorp's products - nomad, packer etc.
spicypixel 86 days ago [-]
I wish python had proper sandbox configuration. This would be great for user defined scripts but only if I could disable filesystem and network syscalls for the user defined code.
darkvertex 86 days ago [-]
This uses UDS (Unix Domain Sockets) to communicate, which are file-like and can be mounted from the host filesystem inside a container.
As long as the socket is writable, the rest of the filesystem(s) don't have to be. Same goes for the networking, which can be very isolated and restricted.
It should be possible to do what you want.
86 days ago [-]
rirze 86 days ago [-]
You could use starlark but I don't have context for what you're using Python for specifically. Starlark has stronger hermetic guarantee.
iberator 86 days ago [-]
chroot ? :)
remix2000 86 days ago [-]
Pretty sure chroot is not an isolation method, it's way too easy to bypass when used as such
mountainriver 86 days ago [-]
One of the main reasons I switched to Rust, awesome work!
But now that I mostly code in Rust I don’t think I’ll be returning to Go, it’s a fun language but very limited
rubenvanwyk 86 days ago [-]
Hopefully we can write an Airflow replacement using this.
mpweiher 86 days ago [-]
How is "running a pool of Python worker processes" different from having a microservice?
Rendered at 06:30:20 GMT+0000 (UTC) with Wasmer Edge.
As long as the socket is writable, the rest of the filesystem(s) don't have to be. Same goes for the networking, which can be very isolated and restricted.
It should be possible to do what you want.
But now that I mostly code in Rust I don’t think I’ll be returning to Go, it’s a fun language but very limited