golang.org/x/playground@v0.0.0-20230418134305-14ebe15bcd59/sandbox/Dockerfile.gvisor (about) 1 # This is the environment that the untrusted playground programs run within 2 # under gvisor. 3 4 ############################################################################ 5 # Import the sandbox server's container (which is assumed to be 6 # already built, as enforced by the Makefile), just so we can copy its 7 # binary out of it. The same binary is used as both as the server and the 8 # gvisor-contained helper. 9 FROM golang/playground-sandbox AS server 10 11 ############################################################################ 12 # This is the actual environment things run in: a minimal busybox with glibc 13 # binaries so we can use cgo. 14 FROM busybox:glibc 15 16 COPY --from=server /usr/local/bin/play-sandbox /usr/local/bin/play-sandbox 17 COPY --from=server /usr/share/zoneinfo /usr/share/zoneinfo 18 19 ENTRYPOINT ["/usr/local/bin/play-sandbox"]