Hashicorp has go-plugin: https://github.com/hashicorp/go-plugin. It does similar with support for net/rpc and grpc. With grpc, you could have the external process in Python. Unix domain sockets and TCP are supported. The framework handles spawning the process and managing it.
It is used extensively within hashicorp's products - nomad, packer etc.
spicypixel 1 hours ago [-]
I wish python had proper sandbox configuration. This would be great for user defined scripts but only if I could disable filesystem and network syscalls for the user defined code.
darkvertex 48 minutes ago [-]
This uses UDS (Unix Domain Sockets) to communicate, which are file-like and can be mounted from the host filesystem inside a container.
As long as the socket is writable, the rest of the filesystem(s) don't have to be. Same goes for the networking, which can be very isolated and restricted.
As long as the socket is writable, the rest of the filesystem(s) don't have to be. Same goes for the networking, which can be very isolated and restricted.
It should be possible to do what you want.