Skip to content

Eval untrusted code in any language. No containers, no VMs, no setup. Just Linux.

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

fullzer4/evalbox

evalbox

Execute code like eval(), but safe. No containers, no VMs, no root.

CI Crates.io Documentation License

Features

  • Simple - One function call, security handled for you
  • Multi-language - Python, Go, and shell/terminal commands
  • Fast - Millisecond startup, no containers or VMs
  • Secure - 7 layers of isolation (namespaces, Landlock, seccomp, rlimits)

Quick Start

use evalbox::{shell, python, go};
use std::time::Duration;

// Terminal commands
let output = shell::run("echo hello").exec()?;

// Python
let output = python::run("print(2 + 2)").exec()?;

// Go (auto-wraps into main())
let output = go::run(r#"fmt.Println("hello")"#).exec()?;

// With options
let output = shell::run("curl https://example.com")
    .timeout(Duration::from_secs(10))
    .network(true)
    .exec()?;

Requirements

  • Linux kernel 5.13+ (Landlock ABI 1+)
  • User namespaces enabled

Installation

[dependencies]
evalbox = { version = "0.1", features = ["python", "go", "shell"] }

Security

7 layers of isolation: user namespaces, PID namespace, network namespace, mount namespace + pivot_root, Landlock LSM, seccomp BPF, rlimits.

See SECURITY.md for threat model and CVE protections.

Documentation

License

MIT OR Apache-2.0

About

Eval untrusted code in any language. No containers, no VMs, no setup. Just Linux.

Topics

Resources

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Security policy

Stars

Watchers

Forks

Releases

No releases published

Contributors 2

  •  
  •  

Languages