views: 57 | answers: 2
For reasons beyond the scope of this post, I want to run external (user submitted) code similar to the computer language benchmark game. Obviously this needs to be done in a restricted environment. Here are my restriction requirements:

  1. Can only read/write to current working directory (will be large tempdir)
  2. No external access (internet, etc)

Anything else I probably don't care about (e.g., processor/memory usage, etc).

I myself have several restrictions. A solution which uses standard *nix functionality (specifically RHEL 5.x) would be preferred, as then I could use our cluster for the backend. It is also difficult to get software installed there, so something in the base distribution would be optimal.

Now, the questions:

  1. Can this even be done with externally compiled binaries? It seems like it could be possible, but also like it could just be hopeless.
  2. What about if we force the code itself to be submitted, and compile it ourselves? Does that make the problem easier or harder?
  3. Should I just give up on home directory protection, and use a VM/rollback? What about blocking external communication (isn't the VM usually talked to over a bridged LAN connection?)
  4. Something I missed?

Possibly useful ideas:

  1. rssh. Doesn't help with compiled code though
  2. Using a VM with rollback after code finishes (can network be configured so there is a local bridge but no WAN bridge?). Doesn't work on cluster.

A:

I don't think you'll be able to do what you need with simple file system protection because you won't be able to prevent access to syscalls which will allow access to the network etc. You can probably use AppArmor to do what you need though. That uses the kernel and virtualizes the foreign binary.

Benj

+1

A:

I would examine and evaluate both a VM and a special SELinux context.

ndim

Dan Walsh has written an easy-to-setup sandbox for SELinux: http://danwalsh.livejournal.com/28545.html

ephemient

SELinux does sound like the way to go - and it's included in standard RHEL kernels.

caf