Sandboxing in Deno

Mayank Choubey
Tech Tonic
Jun 8, 2021


Introduction

One of the most highlighted features of Deno is sandboxing. Deno is secure by default: there is no network, file system, or environment access unless it is granted, and every kind of access has to be enabled explicitly.

In this graphical article, we’ll go over the different types of sandboxing supported by Deno.

Even when access is enabled in Deno, the operating system still imposes its own user-level access control on top of it.

1. No access (default)

By default, the Deno process has no access at all. It can only execute ECMAScript code: it can't read from or write to the file system, listen on sockets, make API calls, start a child process, etc. Any attempt to access a resource outside the sandbox results in a PermissionDenied error.

2. Full read access (allow-read)

The --allow-read command line argument, without specific paths, enables read access to the whole file system.

3. Specific read access (allow-read=p1,p2)

The --allow-read command line argument, along with a comma-separated list of paths, enables read access only to the listed paths. Access to each path is granted recursively, so a directory entry covers everything beneath it. Any other read attempt results in a PermissionDenied error.

4. Full write access (allow-write)

The --allow-write command line argument, without specific paths, enables write access to the whole file system.

5. Specific write access (allow-write=p1,p2)

The --allow-write command line argument, along with a comma-separated list of paths, enables write access only to the listed paths. Access to each path is granted recursively, so a directory entry covers everything beneath it. Any other write attempt results in a PermissionDenied error.
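The following TypeScript is an added example written for this article, not code from the post or from Deno's own source. It models how a path-scoped --allow-read / --allow-write list is checked (recursive, on whole path segments, after resolving `.` and `..`), and turns a declared set of needed resources into the matching `deno run` flags. It assumes POSIX-style paths and a fixed working directory (`DEFAULT_CWD`, an assumed value) for resolving relative entries; Deno itself resolves them against the real working directory. The `queryReadState` helper uses the real `Deno.permissions.query` API when run under Deno and returns `"not-deno"` elsewhere.

```typescript
// Added example (not from the article or from Deno's source): a model of how a
// path-scoped --allow-read / --allow-write list is checked, plus a helper that turns
// a declared set of needed resources into the matching `deno run` flags.
// Assumptions: POSIX-style paths and a fixed working directory (DEFAULT_CWD, an
// assumed value) for resolving relative entries.

export const DEFAULT_CWD = "/home/app";

// Resolve `p` against `cwd` and normalize "." and ".." so that a request such as
// "/data/../etc/passwd" is judged by where it really points, not by its text prefix.
export function resolvePath(cwd: string, p: string): string {
  const joined = p.startsWith("/") ? p : `${cwd}/${p}`;
  const parts: string[] = [];
  for (const seg of joined.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { parts.pop(); continue; } // cannot climb above "/"
    parts.push(seg);
  }
  return "/" + parts.join("/");
}

// True when `requested` is one of the allowed paths or lies beneath one of them.
// Matching is on whole path segments: "/data" covers "/data/x" but not "/database".
export function pathAllowed(requested: string, allowList: string[], cwd = DEFAULT_CWD): boolean {
  const req = resolvePath(cwd, requested);
  return allowList.some((entry) => {
    const allowed = resolvePath(cwd, entry);
    if (allowed === "/") return true; // granting "/" is the same as full access
    return req === allowed || req.startsWith(allowed + "/");
  });
}

// `true` means the unscoped flag (full access); a list means a scoped flag;
// an empty list means the flag is omitted entirely (no access, the default).
export interface PermissionSpec {
  read?: true | string[];
  write?: true | string[];
}

export function buildRunArgs(spec: PermissionSpec): string[] {
  const args: string[] = [];
  for (const name of ["read", "write"] as const) {
    const value = spec[name];
    if (value === true) args.push(`--allow-${name}`);
    else if (value && value.length > 0) args.push(`--allow-${name}=${value.join(",")}`);
  }
  return args;
}

// Under Deno, the runtime can be asked directly; elsewhere this reports "not-deno".
export async function queryReadState(path: string): Promise<string> {
  const deno = (globalThis as any).Deno;
  if (!deno) return "not-deno";
  const status = await deno.permissions.query({ name: "read", path });
  return status.state; // "granted", "denied" or "prompt"
}

// Usage: `deno run ${buildRunArgs({ read: ["/data"], write: ["/data/out"] }).join(" ")} job.ts`
```

The `/data/../etc/passwd` case is the one worth keeping in mind when writing an allow list: the decision has to be made on the resolved path, and a textual prefix check alone would also let `/database` slip through under a grant for `/data`.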

6. Full environment access (allow-env)

The --allow-env command line argument, without a list of variable names, enables access (get/set/delete) to all environment variables.

7. Specific environment access (allow-env=e1,e2)

The --allow-env command line argument, along with a list of variable names, enables access only to those variables. Any other attempt results in a PermissionDenied error.

8. Plugin access (allow-plugin)

The --allow-plugin command line argument enables loading a shared library at runtime. This is not a commonly used feature.

9. Full network access (allow-net)

The --allow-net command line argument, without a list of hosts, enables network access, both client and server, to everything.

10. Specific network access (allow-net=n1,n2)

The --allow-net command line argument, along with a list of hosts, enables access only to the listed hosts. Entries are matched exactly against hostnames or IPs; sub-domains are not covered unless they are listed explicitly. Any other attempt results in a PermissionDenied error.
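The following TypeScript is an added example written for this article, not code from the post or from Deno's own source. It models the matching rules just stated for a host-scoped --allow-net list: an exact hostname/IP match with no sub-domain inheritance, an entry without a port covering every port, and `host:port` covering that port only. It assumes that IPv6 addresses in the list are written in bracket form (e.g. `[::1]:8080`); the `auditConnections` helper and its inputs are constructed for the example.

```typescript
// Added example (not from the article or from Deno's source): a model of how a
// host-scoped --allow-net list is matched.
// Assumption: IPv6 addresses in the list are written in bracket form, e.g. "[::1]:8080".

export interface NetEntry { host: string; port?: number }

// Parse one allow-list entry such as "api.example.com", "localhost:8000" or "[::1]:8080".
export function parseNetEntry(entry: string): NetEntry {
  if (entry.startsWith("[")) {
    const end = entry.indexOf("]");
    const host = entry.slice(1, end);
    const rest = entry.slice(end + 1);
    return rest.startsWith(":") ? { host, port: Number(rest.slice(1)) } : { host };
  }
  const colon = entry.lastIndexOf(":");
  if (colon === -1) return { host: entry };
  return { host: entry.slice(0, colon), port: Number(entry.slice(colon + 1)) };
}

// Turn the literal flag text into its entries; a bare "--allow-net" (no "=") is full access (null).
export function parseAllowNet(flag: string): NetEntry[] | null {
  const eq = flag.indexOf("=");
  if (eq === -1) return null;
  return flag.slice(eq + 1).split(",").filter((s) => s.length > 0).map(parseNetEntry);
}

// Decide whether connecting to (or listening on) host:port is permitted by the list.
export function netAllowed(host: string, port: number, allowList: NetEntry[] | null): boolean {
  if (allowList === null) return true; // unscoped --allow-net
  const wanted = host.toLowerCase();
  return allowList.some((e) => {
    if (e.host.toLowerCase() !== wanted) return false; // "example.com" does not cover "api.example.com"
    return e.port === undefined || e.port === port;    // no port in the entry = any port
  });
}

// For a planned set of connections (constructed input), report which ones a given flag
// would permit, so the flag can be tightened to exactly what the script needs.
export function auditConnections(flag: string, planned: Array<[string, number]>): Record<string, boolean> {
  const list = parseAllowNet(flag);
  const result: Record<string, boolean> = {};
  for (const [host, port] of planned) result[`${host}:${port}`] = netAllowed(host, port, list);
  return result;
}
```

Running `auditConnections("--allow-net=api.example.com,localhost:8000", ...)` over a script's planned connections shows the sub-domain rule in practice: a grant for `api.example.com` says nothing about `cdn.example.com`, which has to be listed on its own.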

11. Full child process access (allow-run)

The --allow-run command line argument, without a list of executables, enables the parent process to spawn any child process.

12. Specific child process access (allow-run=e1,e2)

The --allow-run command line argument, along with a list of executables, enables spawning only those executables. Any other attempt results in a PermissionDenied error.
