Secure grading in docker image #257
Labels
enhancement
New feature or request
Comments
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
At the moment grading in the docker container gets done using the root user and is quite straight forward but some sort of insecure. I would at least suggest to change the used user to an less privileged user or even to limit the resources of the docker container (e.g. no network, limited amount of cpu/ram, maximum runtime/timeout).
Of course, the cases of breaking out of a Docker container are rare, but long-running scripts due to errors (e.g. in recursion) or unneeded network requests should be prevented.
Describe the solution you'd like
As mentioned above some limitations and "security-changes" for the docker grading would be sweet.
Describe alternatives you've considered
Using user-namespace remapping of the docker runtime.
The text was updated successfully, but these errors were encountered: