Let's say I'm running a hosted service that wishes to allow plugins written by third-party clients.
Perhaps a gaming service provider that provides infrastructure but allows clients to develop their own game referees. Or, a coding competition site that allows coders to submit code to be run as their solution to some coding problem.
How would you harden/lock-down/sandbox this user code from doing potential harm to the server that intends to run it?
How would you monitor and restrict resource usage (CPU, memory mostly)?
This is a good start for Python but I'm wondering if anyone here has more specific experiences they can share regardless of language (Python, Lua, Ruby, etc.).
chroot, jails, rexec, mangling __import__, etc. Let me know what you've done.
Thanks!