
I want to develop on Linux in various languages (python, rust, ...) and will be installing packages through their respective tools (and also some infrastructure like redis, postgresql, ...). I'd like to create a sandbox for each project:

  • shell access to run dev and system utilities (perf, htop, etc ...)
  • limit access to a few directories where the source code I'll be editing will be (so that I don't have to configure/run my editor for each environment and not lose any file if the container stops)
  • can only do outbound network requests to known package hosting domains (like pypi.org, github.com, etc ...).
  • can start servers listening on tcp sockets and access them from within the container without custom configuration
  • on occasion allow some port pass-through for localhost only so the ports can be accessed from another container or from the host system

I'm hoping there are existing tools for it or some detailed tutorials. Some aspects like having the proper list of domains can be tedious to establish/maintain. So far my google searches haven't been yielding anything too promising besides starting from scratch with firejail/docker/lxc/...

I do not want to use VMs, so as not to tax system resources too much, as I may have many such environments.

Ideally something like:

dev-env-setup --name myapp --base-container python-dev --shell bash --code ~/coding/myapp

or

dev-env-setup --name myapp --base-container myapp-dev --code ~/coding/myapp --listen-ports 9999,8888,7777 --access-ports 111111,11123

1 Answer


Have you heard of asdf? It can install python, rust, postgres, redis and many other things. What's more, you can have per-project versions using a .tool-versions file. I use asdf a lot and would recommend it for what you describe.

You don't have to do any "dev setup" stuff either. Once you cd to your project directory, you will be using whatever version has been specified in .tool-versions via the asdf local command.

Start here: https://asdf-vm.com/#/core-manage-asdf-vm

If you need help using it, I can give you some good starter tips but even just running asdf on its own will give you all the info you need.

Note that asdf calls the things it installs "plugins". For example, to be able to install different postgres versions, you would do asdf plugin add postgres. Then you could install different versions of postgres with asdf install postgres 12.3 (for example). You can set a per-project version (which is saved in a .tool-versions file) by doing asdf local python 3.8.1. You can also set a default global version for any plugin (for when you are not in a project directory that has a .tool-versions file) by doing asdf global rust 1.43.0.

Peaceful James
  • Thank you for the reference, I didn't know this tool. However, it's not what I'm after ;-) I'm looking at adding security via network restrictions and filesystem sandboxing. I do want to use each language's package manager as well as the OS's own. I don't want a rogue package to exfiltrate my personal data or run malware. – privpub19 Jul 03 '20 at 01:42