Sandboxing untrusted dependencies in Elixir/Erlang

Is there any current approach to restricting the access of external dependencies of an application? For example, let’s say I use some hex package that provides useful functionalities, but I don’t want it to have access to my filesystem or have the ability to make external network requests.

Is there any way to restrict the rights of specific processes/applications running in the Erlang VM? Can you run untrusted code in a separate VM that has the OS-level permissions restricted and call that node from your main node?

Does anyone know of any work that has been done here? Thanks.
