Hi! I made RunSwift this past week and thought it was pretty neat so I wanted to share it. Have fun!

I've always wondered how these are made. Does it run in some kind of virtualised container?

That's one way to do it, sure. In this case I had the problem of having to use a Mac for a build server, though.

I did a few things to get this running:

- The application server and build server are separate, with access control to the build server controlled by an API key that I can revoke should anyone gain access to it.

- The process that compiles and runs your code is an unprivileged user.

- All import statements are disabled in user submitted code

- Foundation is imported selectively with only a few classes allowed to be used by submitted code (namely, the NSString, NSArray, NSDictionary, etc APIs)

- Code is checked for a list of blacklisted APIs before hitting the compiler

- The execution of your code has a timeout of a few seconds, and the process will be killed should it take any longer.

I looked into more advanced techniques for sandboxing but couldn't find anything on OS X that was feasible. Happy to be schooled on security though, if you know better than I do :)

You can execute the process under sandbox-exec to take advantage of OS X kernel-level sandboxing. You'll need to write your own profile file that allows/denys what you want. There are plenty of examples of these .sb profile files under /System/Library. More: https://developer.apple.com/library/mac/documentation/Darwin...

Excellent! Thank you for pointing me to this!

Good tip. Another suggestion would be to use chroot :)

That said, the best, most foolproof way of doing this really comes down to using OS X to virtualize OS X.

Or you could try cross-compiling. It seems to work here: https://github.com/swift-x/tools (which looks interesting...)

It's possible that by the end of this week, maybe next, it will be very easy indeed to compile and/or run Swift on Linux from Linux, at which point you could try LXC or a million other ways to virtualize.

Thanks for the tips! I'd love to move to LXC should an appropriate/feasible compiling solution become available :)

This mechanism has been deprecated by Apple. In the header file they point out that one should use the OS X sandboxing instead which works with plists instead and can be controlled with less flexibility.

Calling sandbox_init from inside your app has been deprecated in favor of the App Sandbox mechanism, but I don't see any indication that sandbox-exec is deprecated.

Just deployed a new script runner backed by sandbox-exec! Thanks again for the tip!

Not Swift, but definitely related and well presented: you might want to check out Jessica McKellar's PyCon2014 talk on "Building and breaking a Python sandbox": https://www.youtube.com/watch?v=sL_syMmRkoU

Looks a lot like swiftstub.com. Nice job though.

Hah, had never seen that :) thanks for the link!

Nice work! I've been looking at using the REPL to make some web stuff too, so I understand the challenges involved here!

BTW we are running a Swift hackathon @ GitHub HQ in a few weeks, it would be cool if you could join us: http://www.swifthack.splashthat.com

Thanks! What kind of web stuff stuff are you trying to do?

And I would love to, but unfortunately I live on the other (better ;)) coast! Will you all be taping the talks?

I dabbled with implementing Swift on JavaScript, but has proven a bit difficult. The grammar is very big and just implementing a parser is huge task on its own.

I would like to see someone tackle this though.

It will happen. http://www.reddit.com/r/atwoodslaw/

If I hit compile I get "gtimeout: failed to run command ‘/Applications/Xcode6-Beta4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/swift’: No such file or directory"

Error now changed to "233168 sh: /var/folders/mq/sxspn0v179z03ljffqzb7vk00000gn/T/./run-swift.IBiDbHOX: Operation not permitted"

Debugging an issue with the runner now, but the output should still show above the error. It'll be fixed soon!

Edit: Rolled back my changes; I'll sort them out when the server is a little busy :) Happy Saturday!