You should repost that article on HN. WASI in the browser is awesome and I would love to see some discussion about it.
Is there a better way to sandbox Python other than using a WebAssembly build?
Yeah, for sure: run it inside a virtual machine, or do some sort of Docker magic.
You kind of need to pretend you are a whole computer for a programming language to be happy. There are built-in assumptions that they're running on a "real" computer. They assume they've got full access to network and disk. Installing packages often requires compiling C extensions, or running native binaries. All that stuff means the best way to sandbox is to virtualise a whole computer.
It's fun to do it with WebAssembly though; you get a lot of guarantees and it's quite lightweight.