For our current ongoing project, we are looking for a developer / system administrator who will help us set up a secured environment to execute shell scripts on our server.
Our product is a code assessment platform, and developers are able to submit code to our server for execution. To prevent security breaches of our system, we would like to run these submissions in a sandboxed environment.
We would like to:
- limit file access
- limit the CPU/memory available to the script
- (optionally) limit the network communication to a specific set of hosts
The system runs on Ubuntu 12.04 on Linode. Initially we thought about lightweight execution of the application inside LXC (http://lxc.sourceforge.net/) or a similar technology. Currently we are about to run Ruby, with node.js and PHP interpreters to follow soon. In the end we abstracted those to shell scripts, so the technology shouldn't matter. Note that the test runner would need to fetch some extra data from the network to execute successfully.