[IronPython] Restricting IronPython/DLR in a Sandbox?
sholist at hotmail.com
Tue Apr 1 21:43:20 CEST 2008
I am using the IronPython 2 Beta 1 on .Net 2.0.
My goal is to create a restricted sandbox for scripts to run in using the DLR. I have searched high and low and have not found a solution utilizing the latest python beta release and DLR. It would seem this is something that should be straightforward to accomplish as the DLR's ScriptRuntime.Create takes an AppDomain as an overload. And indeed, my Python engine and runtime are loaded in the remote AppDomain, however I can only get it to work when the AppDomain has FullTrust permissions. Anything lower (say Intranet Zone and the like) and it throws a Method Access Exceptions on the ScriptRuntime.Create method.
I have tried creating the AppDomain like so:
AppDomain.CreateDomain(name, defaultEvidence, appDomainSetup, defaultPermissions, TrustedAssemblies.ToArray)
name is the name
defaultEvidence is the evidence for the restricted zone
appDomainSetup sets the BaseDirectory
defaultPermissions is the permission set of the restricted zone
TrustedAssemblies is a list containing references to "Microsoft.Scripting", "IronPython", "IronPython.Modules"
Using any zone other than MyComputer results in the exception. I am not stuck on getting a permission set from a predefined zone, I have tried creating permissions sets other ways with the same result. Using zones seems easier for illustration.
I need IronPython scripts to be run in a fairly constrained environment. No file IO, no loading assemblies. Basically, just the ability for the user to interact with the Hosting apps object model with some basic .Net library functions like String etc.
Pack up or back up–use SkyDrive to transfer files or keep extra copies. Learn how.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ironpython-users