API Reference

boxed.run(target, args=(), kwargs=None, *, timeout=None, method='best', **kwds)

Run target function in a sandboxed environment and return the results.

The target function executes on a different python interpreter under a low privilege user. Everything is serialized and transmitted to the sandbox using either pickle, json or some other serialization protocol.

The input arguments and return value must be serializable using the given protocol and any modification that the target function makes to the input arguments is not transmitted back from the function call.

Parameters:

• target – Callable that shall be executed in the sandbox.
• kwargs (args,) – Position and named arguments passed to the callable.
• timeout – The maximum allowed time in seconds. If no timeout is given, there will be no time limits for execution.
• method – The sandboxing strategy. For now, only the ‘simple’ strategy is implemented.
• imports – A list of modules that should be imported before lowering privileges. Remember that a low privilege user may not be able to import modules installed in the local user folders.
• serializer –

  ‘json’, ‘pickle’, ‘dill’ or ‘cloudpickle’.

  The protocol used to transmit data from/to the sandbox. Going from JSON to cloudpickle we trade security with the ability to handle more argument types. Remember that malicious code can make pickle execute arbitrary data during unpickling (which is done outside the sandbox).