gabrielsimoes's blog

By gabrielsimoes, history, 7 years ago, In English

I was looking for a method for sandboxing submissions under Windows. Simple things, like blocking file I/O, etc. It seems that Codeforces itself runs on Windows, so I'm asking this here: do you have any input on this?

[EDIT] I would like to note I found these, but haven't tested any of it yet:

  • +69

7 years ago (+3)

AFAIK Codeforces uses Java as its main programming language. This might be helpful if you also choose Java for your project.

  • 7 years ago (+1)

    Maybe I misunderstood it, but isn't this only about running native Java code inside a Java sandbox? Thanks for the help!

7 years ago (+15)

Have you considered using docker?

It's fast and easy, but I think there is only docker for Windows 10.

If you are not familiar with docker, I encourage you to read about it. I think it's a great tech ;) What I mean by using docker is running programs inside containers without being exposed to any risk.

  • 7 years ago (+13)

    I think there are some reasons not to use docker. First, it's not lightweight enough and costs a lot of time on startup, especially on Windows. And docker needs to be run as root (admin), but some IaaS providers do not provide that.

    The heavy weight of docker also causes a problem: tons of dockers could hardly run together. If you run one submission in one docker, then you could hardly run 10+ submissions at once like Codeforces.

    • 7 years ago (+8)

      There are some docker-images which are really REALLY lightweight. I remember Debian in less than 20MB and Alpine in 4MB.

      I don't think you can run tons of dockers together, but the main bottleneck won't be docker itself (setting up and starting the container) but the execution, similar to what is going to happen if you run submissions outside docker.

      I used docker once on Windows and never tested the speed, but I partially implemented a mini-judge using docker for sand-boxing (in Ubuntu), and I ran 20+ submissions locally on my PC and there was no big overhead created by docker.

      Probably it is not the best option for a site like Codeforces, but I think it is a simple (and great) option for a small OJ.

      • 7 years ago, Rev. 3 (0)

        I agree with the idea of using docker as a simple option. But I think docker for Windows is much slower than docker on Linux. What about Hyper-V instead of docker?

        And I think docker is for general use, not only for OJ sandboxing. Maybe a sandbox made specially for OJs is a better choice.

        • 7 years ago (0)

          Of course docker is not for that ;) docker is for A LOT of things, and it so happened that I met docker at the same time I was trying to build an online judge. The idea of using docker for sand-boxing came to my mind at that moment.
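
Added example, not part of the thread or any commenter's code: one way to run a single submission in a locked-down container on a Linux host, as in the Ubuntu mini-judge mentioned above. The image `alpine:3`, the `/box/prog` layout, the limit values and the function names are assumptions.

```shell
# Added example: locked-down `docker run` for one untrusted submission.
# Assumed (not from the thread): alpine:3, /box/prog layout, limit values.

# Print the options, one per line. $1 = host dir with the program, $2 = memory limit
judge_docker_opts() {
    cat <<EOF
--rm
--interactive
--network=none
--read-only
--tmpfs=/tmp:rw,noexec,nosuid,size=16m
--volume=$1:/box:ro
--workdir=/box
--user=65534:65534
--cap-drop=ALL
--security-opt=no-new-privileges
--memory=$2
--memory-swap=$2
--pids-limit=32
--cpus=1
EOF
}

# Map run_submission's exit status to a verdict.
verdict() {
    case $1 in
        0)           echo OK ;;
        137)         echo LIMIT ;;        # SIGKILL: memory limit (OOM) or watchdog
        125|126|127) echo JUDGE_ERROR ;;  # docker itself failed, not the submission
        *)           echo RE ;;
    esac
}

# $1 = box dir, $2 = memory limit, $3 = wall-clock seconds, $4 = input file
run_submission() {
    name="sub-$$-$(date +%s)" wall=$3 input=$4
    old_ifs=$IFS
    IFS='
'
    set -f                                # split the option list on newlines only
    set -- $(judge_docker_opts "$1" "$2")
    set +f; IFS=$old_ifs
    ( sleep "$wall"; docker kill "$name" ) >/dev/null 2>&1 &   # wall-clock watchdog
    watchdog=$!
    docker run --name "$name" "$@" alpine:3 /box/prog <"$input"
    rc=$?
    kill "$watchdog" 2>/dev/null          # no-op if the watchdog already fired
    return "$rc"
}
```

Called as `run_submission /srv/box 256m 5 input.txt; verdict $?`, the submission gets no network, a read-only root filesystem, no capabilities, and is killed when it exceeds the memory or wall-clock limit.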