golang.org/x/playground@v0.0.0-20230418134305-14ebe15bcd59/sandbox/Dockerfile.gvisor (about)

     1  # This is the environment that the untrusted playground programs run within
     2  # under gvisor.
     3  
     4  ############################################################################
     5  # Import the sandbox server's container (which is assumed to be
     6  # already built, as enforced by the Makefile), just so we can copy its
     7  # binary out of it. The same binary is used as both as the server and the
     8  # gvisor-contained helper.
     9  FROM golang/playground-sandbox AS server
    10  
    11  ############################################################################
    12  # This is the actual environment things run in: a minimal busybox with glibc
    13  # binaries so we can use cgo.
    14  FROM busybox:glibc
    15  
    16  COPY --from=server /usr/local/bin/play-sandbox /usr/local/bin/play-sandbox
    17  COPY --from=server /usr/share/zoneinfo /usr/share/zoneinfo
    18  
    19  ENTRYPOINT ["/usr/local/bin/play-sandbox"]