(github.com)

173 points xrd | 3 comments | 15 Apr 25 11:09 UTC | HN request time: 0.667s | source

Show context

behnamoh ◴[17 Apr 25 15:27 UTC] No.43718268[source]▶

So their method of sandboxing Python code is to spin up a JS runtime (deno), run Pyodide on it, and then run the Python code in Pyodide.

Seems a lot of work to me. Is this really the best way to create and run Python sandboxes?

replies(11): >>43718335 #>>43718770 #>>43718841 #>>43719300 #>>43719370 #>>43719672 #>>43719881 #>>43721408 #>>43722369 #>>43723869 #>>43726452 #

simonw ◴[17 Apr 25 17:13 UTC] No.43719672[source]▶

>>43718268 #

I've been trying to find a good option for this for ages. The Deno/Pyodide one is genuinely one of the top contenders: https://til.simonwillison.net/deno/pyodide-sandbox

I'm hoping some day to find a recipe I really like for running Python code in a WASM container directly inside Python. Here's the closest I've got, using wasmtime: https://til.simonwillison.net/webassembly/python-in-a-wasm-s...

replies(5): >>43721214 #>>43722664 #>>43724984 #>>43725448 #>>43828320 #

1. 3abiton ◴[18 Apr 25 06:04 UTC] No.43725448[source]▶

>>43719672 #

> I'm hoping some day to find a recipe I really like for running Python code in a WASM container directly inside Python.

But what would be the usecase for this?

replies(1): >>43725528 #

2. simonw ◴[18 Apr 25 06:21 UTC] No.43725528[source]▶

>>43725448 (TP) #

Running Python code from untrusted sources, including code written by LLMs.

replies(1): >>43731970 #

3. 3abiton ◴[18 Apr 25 21:21 UTC] No.43731970[source]▶

>>43725528 #

I see, the way I would approach is it by running a client on in a specific python env on an incus instance, with LLM hosted either on the host or another seperate an incus instance. Lately been addicted to sandboxing apps in incus, specifically for isolated vpn tunnels, and automating certain web access.

↑

MCP Run Python