Q: Is there a way to sandbox a Go program?
A: Yes. See GAE w/ Go or play.golang.org
How is this done?
In my particular case I'd like to allow untrusted extensions written in Go. I imagine the Go Playground is exactly what I'd need. Is it open source? Or is there at least some documentation on how to build a similar service?
code.google.com/p/go-playground is the source for the Go Playground editor. But the sandbox is hidden behind a POST to http://golang.org/compile?output=json.
According to http://blog.golang.org/playground , the sandbox in the go playground uses NaCl to limit CPU and RAM usage. The code for it has been merged into go version 1.3.