ExecutionContainer
ExecutionContainer(
tag: str = DEFAULT_TAG,
binds: dict[str, str] | None = None,
env: dict[str, str] | None = None,
executor_port: int | None = None,
resource_port: int | None = None,
port_allocation_timeout: float = 10,
show_pull_progress: bool = True,
)
Context manager for the lifecycle of a code execution Docker container. A code execution container provides:
- a Jupyter Kernel Gateway for stateful code execution in IPython kernels. Clients connect to it via ExecutionClient on the container's executor host port.
- a resource server for downloading Python module sources and registering MCP servers. Clients connect to it via ResourceClient on the container's resource host port.
- a firewall that can be enabled with init_firewall to restrict network access to allowed domains, IPv4 addresses, or CIDR ranges.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
tag | str | Name and optionally tag of the | DEFAULT_TAG |
binds | dict[str, str] \| None | A dictionary mapping host paths to container paths for bind mounts. Host paths may be relative or absolute. Container paths must be relative and are created as subdirectories of | None |
env | dict[str, str] \| None | Environment variables to set in the container | None |
executor_port | int \| None | Host port for the container's executor port. A random port is allocated if not specified. | None |
resource_port | int \| None | Host port for the container's resource port. A random port is allocated if not specified. | None |
port_allocation_timeout | float | Maximum time in seconds to wait for random port allocation. | 10 |
show_pull_progress | bool | Whether to show progress when pulling the Docker image. | True |
Source code in ipybox/container.py
executor_port
property
executor_port: int
The host port of the container's executor port. Either an application-defined executor_port via the constructor or a dynamically allocated random port.
Raises:
Type | Description |
---|---|
RuntimeError | If the container is not running and an application-defined port was not provided. |
resource_port
property
resource_port: int
The host port of the container's resource port. Either an application-defined resource_port via the constructor or a dynamically allocated random port.
Raises:
Type | Description |
---|---|
RuntimeError | If the container is not running and an application-defined port was not provided. |
init_firewall
async
Initialize firewall rules to restrict internet access to a whitelist of allowed domains, IPv4 addresses, or CIDR ranges.
Traffic policy inside the container after initialisation:
- DNS resolution (UDP/53) is always permitted so that the script itself can resolve domains and regular runtime code can still perform look-ups.
- SSH (TCP/22) is permitted for interaction with the host.
- Loopback traffic is unrestricted.
- The host network (*/24 derived from the default gateway) is allowed bidirectionally.
- Bidirectional traffic on the ipybox executor (8888) and resource (8900) ports is always allowed.
- Outbound traffic is allowed only to the specified whitelist entries.
DNS failures when resolving an allowed domain yield a warning but do not stop the firewall initialization.
A firewall can be initialized multiple times per container. Subsequent calls will clear previous firewall rules and enforce the new allowed_domains list.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
allowed_domains | list[str] \| None | List of domains, IP addresses, or CIDR ranges that should be reachable from the container. If None or empty, only essential services are allowed. | None |
Raises:
Type | Description |
---|---|
RuntimeError | If the container is not running, firewall initialization fails, or if the container is running as root (ipybox images built with -r flag). |
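Because a DNS failure for an allowed domain only produces a warning, the allow-list is worth checking before it reaches init_firewall. The following is an added example, not ipybox's own code: classify_entry, validated_allow_list and restricted_container are hypothetical helpers, the rejection rules (no /0 range, no host bits, no URLs, ports, wildcards or IPv6) are this example's assumptions, and ExecutionContainer is assumed to be entered with async with.

```python
import ipaddress
import re
from contextlib import asynccontextmanager

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_entry(entry: str) -> str:
    """Return 'cidr', 'ipv4' or 'domain'; raise ValueError for anything else."""
    e = entry.strip()
    if "/" in e:
        try:
            net = ipaddress.IPv4Network(e, strict=True)
        except ValueError as exc:
            raise ValueError(f"{entry!r}: not an IPv4 CIDR range ({exc})") from None
        if net.prefixlen == 0:
            raise ValueError(f"{entry!r}: matches every IPv4 address")
        return "cidr"
    try:
        ipaddress.IPv4Address(e)
        return "ipv4"
    except ValueError:
        pass
    labels = e.split(".")
    # Rejects URLs, host:port, IPv6 literals, wildcards and malformed dotted quads.
    if len(labels) < 2 or labels[-1].isdigit() or not all(_LABEL.fullmatch(x) for x in labels):
        raise ValueError(f"{entry!r}: not a plain domain name")
    return "domain"


def validated_allow_list(entries: list[str]) -> list[str]:
    """Validate every entry, then return them normalized and de-duplicated in order."""
    normalized = []
    for entry in entries:
        classify_entry(entry)
        normalized.append(entry.strip().lower())
    return list(dict.fromkeys(normalized))


@asynccontextmanager
async def restricted_container(entries: list[str], **container_kwargs):
    """Start an ExecutionContainer and apply the firewall before yielding it."""
    # Imported lazily so the validators above work without ipybox installed.
    from ipybox.container import ExecutionContainer

    allowed = validated_allow_list(entries)  # fail before any container starts
    # Assumption: ExecutionContainer is an async context manager.
    async with ExecutionContainer(**container_kwargs) as container:
        await container.init_firewall(allowed)
        yield container
```

Entries such as a full URL or a misspelled CIDR raise ValueError here instead of surfacing later as a resolution warning.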
kill
async
Kills and removes the current code execution Docker container.