
evaluating perl code securely in a virtual machine online


After 13 days of hard work, I finally did it!!

I explored FreeBSD Jails, but my lack of networking experience and the fact that I had to rebuild the OS many times drove me away. FreeBSD is really cool though!! I'll get back to it soon.

I looked bleakly at OpenVZ and then thanks to @ewwhite I revisited Linux Containers and gave it a proper shot.

The docs aren't great but this article really helped with everything.

  • I set up multiple containers under a load balancer: HAProxy.
  • I have a Perl installation inside each container with the CPAN modules I need.
  • My PerlExecutor application is a Dancer app that runs on Starman; it runs under a limited user, which has fewer privileges and has limits in limits.conf.
  • The container is blocked from the internet.

One limitation: I don't know much about networking, so I blocked the jails from the internet by disabling port forwarding on the host. However, the jails still need to be on the network for the host to communicate with them. As a result, you can still do a ping inside the jail, which will resolve the domain, but it won't respond. So any web requests inside fail. I also do a string scan for Ping and block it.

Any suggestions or improvements will be very welcome!

I'd like to thank @JakeFeasel @ikegami @ewwhite @chris-s and the guys at ubuntu.SE and unix.SE for their help.

This is what it looks like:

TryPerl Architecture Diagram
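
Added example (not part of the original post): one way to enforce the "blocked from the internet" property at the host firewall, so that containers can answer connections the host opens (HAProxy to Starman) but cannot start any traffic of their own, including DNS lookups and pings. It assumes the containers sit on a bridge named lxcbr0 with static addresses; the chain name SANDBOX_IN is made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: prints the
# rules. Run as root with APPLY=1 to install them (once, on a ruleset that
# does not already contain the SANDBOX_IN chain).
BRIDGE="${BRIDGE:-lxcbr0}"   # assumption: name of the container bridge

# Print the firewall rules for one bridge; return 2 on an unsafe name.
sandbox_rules() {
    bridge="$1"
    # Interface names are at most 15 characters; refuse anything that could
    # smuggle shell syntax or an option into the generated commands.
    [ "${#bridge}" -le 15 ] || return 2
    case "$bridge" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    # SANDBOX_IN: traffic from a container to the host itself. Replies to
    # connections the host opened are accepted; anything the container
    # initiates (DNS to the host resolver, probes of host services) is dropped.
    # FORWARD: nothing arriving from the bridge is routed anywhere else.
    for ipt in iptables ip6tables; do
        cat <<EOF
$ipt -N SANDBOX_IN
$ipt -A SANDBOX_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ipt -A SANDBOX_IN -j DROP
$ipt -I INPUT -i $bridge -j SANDBOX_IN
$ipt -I FORWARD -i $bridge -j DROP
EOF
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    sandbox_rules "$BRIDGE" | sh -e   # stop at the first rule that fails
else
    sandbox_rules "$BRIDGE"
fi
```

After applying, a quick check from inside a container is that both a name lookup and a ping to an external address fail, while the host can still reach the application port.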