@@ -22,31 +22,26 @@ machines.
2222A CodeJail sandbox consists of several pieces:
2323
2424#) Sandbox environment. For a Python setup, this would be Python and
25- associated core packages. This is denoted throughout this document
26- as **<SANDENV> **. This is read-only.
27-
28- #) Sandbox packages. These are additional packages needed for a given
29- run. For example, this might be a grader written by an instructor
30- to run over a student's code, or data that a student's code might
31- need to access. This is denoted throughout this document as
32- **<SANDPACK> **. This is read-only.
33-
34- #) Untrusted packages. This is typically the code submitted by the
35- student to be tested on the server, as well as any data the code
36- may need to modify. This is denoted throughout this document as
37- **<UNTRUSTED_PACK> **. This is currently read-only, but may need to
38- be read-write for some applications.
39-
40- #) OS packages. These are standard system libraries needed to run
41- Python (e.g. things in /lib). This is denoted throughout this
42- document as **<OSPACK> **. This is read-only, and is specified by
43- Ubuntu's AppArmor profile.
25+ associated core packages as a virtualenv. This is denoted throughout this document
26+ as **<SANDENV> **. This is read-only, and shared across sandbox instantiations.
27+
28+ Sandboxed code also has access to OS libraries to the extent that the
29+ AppArmor profile permits it.
30+
31+ #) Sandbox execution directory. This is an ephemeral read-only directory named
32+ like ``/tmp/codejail-XXXXXXXX `` containing the submitted code
33+ (``./jailed_code ``), optional additional files, and a writable temporary
34+ directory (``./tmp ``) that the submitted code can use as a scratch space.
35+
36+ The submitted code is typically the code submitted by the student to be
37+ tested on the server, and the additional files are typically a
38+ ``python_lib.zip `` containing grading or utility libraries.
4439
4540To run, CodeJail requires two user accounts. One account is the main
4641account under which the code runs, which has access to create
4742sandboxes. This will be referred to as **<SANDBOX_CALLER> **. The
4843second account is the account under which the sandbox runs. This is
49- typically the account ' sandbox.'
44+ typically the account `` sandbox ``.
5045
5146Supported Versions
5247------------------
@@ -62,6 +57,9 @@ Ubuntu:
6257* 22.04
6358* 24.04
6459
60+ (Note that the Python version used inside the sandbox may be different from the
61+ version used for the library itself.)
62+
6563Installation
6664------------
6765
@@ -247,12 +245,12 @@ execute the provided Python program with that executable, and AppArmor will
247245automatically limit the resources it can access. CodeJail also uses setrlimit
248246to limit the amount of CPU time and/or memory available to the process.
249247
250- ``CodeJail .jail_code
248+ ``codejail .jail_code
251249environment, command-line arguments, and a stdin stream. It creates a
252250temporary directory, creates or copies the needed files, spawns a subprocess to
253251run the code, and returns the output and exit status of the process.
254252
255- ``CodeJail .safe_exec
253+ ``codejail .safe_exec
256254Python code, and runs it using jail_code, modifying the globals dictionary as a
257255side-effect. safe_exec does this by serializing the globals into and out of
258256the subprocess as JSON.
@@ -262,6 +260,9 @@ Limitations
262260
263261* If codejail or AppArmor is not configured properly, codejail will default to
264262 running code insecurely (no sandboxing). It is not secure by default.
263+ Projects integrating codejail should consider including a runtime test suite
264+ that checks for proper confinement at startup before untrusted inputs are
265+ accepted.
265266* Sandbox isolation is achieved via AppArmor confinement. Codejail facilitates
266267 this, but cannot isolate execution without the use of AppArmor.
267268* Resource limits can only be constrained using the mechanisms that Linux's
0 commit comments