### Install Packages in Sandbox Virtual Environment Source: https://github.com/openedx/codejail/blob/master/README.rst Installs specified packages into the sandbox virtual environment. This is typically done after activating the sandbox environment. ```bash $ /bin/pip install -r requirements/sandbox.txt ``` -------------------------------- ### Create Sandbox Virtual Environment Source: https://github.com/openedx/codejail/blob/master/README.rst Creates a new virtual environment for sandboxed code using the --copies flag to ensure a distinct Python executable for AppArmor confinement. ```bash $ sudo python3.12 -m venv --copies ``` -------------------------------- ### Configure and Execute Python Code with CodeJail Source: https://github.com/openedx/codejail/blob/master/README.rst This snippet demonstrates how to configure CodeJail for Python execution and then use safe_exec to run a Python command. It's intended to show proper confinement, expecting an exception if /etc/passwd is accessed. ```python import codejail.jail_code codejail.jail_code.configure('python', '/bin/python', user='sandbox') import codejail.safe_exec jailed_globals = {} codejail.safe_exec.safe_exec("output=open('/etc/passwd').read()", jailed_globals) print(jailed_globals) # should be unreachable if codejail is working properly ``` -------------------------------- ### Add Sandbox User and Group Source: https://github.com/openedx/codejail/blob/master/README.rst Adds a new group named 'sandbox' and a user 'sandbox' that is disabled for login but belongs to the 'sandbox' group. ```bash $ sudo addgroup sandbox $ sudo adduser --disabled-login sandbox --ingroup sandbox ``` -------------------------------- ### Configure Sudoers for Sandbox Execution Source: https://github.com/openedx/codejail/blob/master/README.rst Configures sudoers to allow the specified sandbox caller to execute Python as the sandbox user without a password, and also allows find and pkill commands. ```sudoers ALL=(sandbox) SETENV:NOPASSWD:/bin/python ALL=(sandbox) SETENV:NOPASSWD:/usr/bin/find ALL=(ALL) NOPASSWD:/usr/bin/pkill ``` -------------------------------- ### Set CodeJail Test Environment Variables Source: https://github.com/openedx/codejail/blob/master/README.rst These environment variables are required to run the CodeJail tests. Ensure CODEJAIL_TEST_USER and CODEJAIL_TEST_VENV are set to the correct values for your sandbox environment. ```bash export CODEJAIL_TEST_USER= export CODEJAIL_TEST_VENV= ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.