How to run code in an isolated environment?

S

sadfun2020-02-15 18:35:13

Virtualization

sadfun, 2020-02-15 18:35:13

Let's say I'm writing a system for programming olympiads - participants pass the code, the server runs it on tests.

No one guarantees that there is nothing malicious in the code. How to run third-party scripts safely so that they don't have access to files and all sorts of low-level stuff?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Antonio Solo, 2020-02-15
@sadfun

if there is a separation of rights, then with user rights there is no access to "low-level things" - the user works in his folder with his rights. This is how most hosting companies work.
Jail is needed when you want the user to somehow create the appearance of a virtual machine, give him the right to do anything there, but so that he does not get out

V

Vladimir Korotenko, 2020-02-15
@firedragon

Virtual machine, Jail, docker, file system filter with reset after reboot.
Choose any method

E

EGORKA, 2020-02-15
_

Jail

D

D0min0, 2020-02-29
@D0min0

taken from this article https://blog.cloudflare.com/a-gentle-introduction-...
https://github.com/amluto/virtme
virtme-run \
--kimg bzImage \
--rw --pwd - -memory 512M \
--script-sh "what to run inside kvm"