Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sandboxing CLI #61

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Sandboxing CLI #61

wants to merge 1 commit into from

Conversation

SongTonyLi
Copy link

@SongTonyLi SongTonyLi commented May 29, 2024

Original Project Objective

Often times we want to execute the Gorilla command on a VM on behalf of the user. As a first step, can you build a "sandbox" that can execute a python function? Any function of your choice!

Container vs VM

VM is better in terms of future development and privacy concerns. I do believe this one can also be achieved by Docker, and it was suggested in PR #52. This VM approach is showcasing an alternative way of solving problems. Notice that this approach does not confine within gorilla-cli, if you want, you can drag any python files into the folder to run it.

Usage Requirements

MacOS with M-series Chips and qemu installed. VM may work on windows or linux, but untested.

Highlights:

Customizable CPU, RAM, and VM OS's. Automatic python virtual environment creation.

Usage

Visualized and concrete examples are shown in VM_README.md. Link here : https://github.com/gorilla-llm/gorilla-cli/blob/3b463bc14a7a8c056c0d0e48a97bc34cf49f2c58/VM_README.md

Methodology

It creates an object overseer to process all requests from sandboxes' requests and internally invokes lima to generate corresponding virtual machine.

Future improvements

More rigorous policies of overseer should be enforced to prevent internal safety hazards.
Linux images could be more refined to suit the need.
Only one sandbox is allowed to execute each time, and this may prohibit potential racing conditions between two sandboxes. Also, running multiple sandboxes at the same is resource consuming, and I would suggest to use one sandbox for all relevant files.

Edits:

22_29_Code@2x
The original fcntl.ioctl function is replaced by os.write function in function prefill_shell_cmd of go_cli.py. The latter one ensures that cmd can be actually written to VM terminals on archlinux. As discussed on https://bbs.archlinux.org/viewtopic.php?id=283932, archlinux imposes some restrictions on the fcntl.ioctl.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant