edx-platform/xmodule/capa/safe_exec
Kyle McCormick 9c6e765bf6 test: run ./xmodule/ tests with CMS settings (#33534)
Currently, ./xmodule/ unit tests are only run with LMS settings. However,
./common/ and ./xmodule/ are run twice: once with LMS settings and once with
CMS settings.

Just like ./common/ and ./openedx/, the unit tests in ./xmodule/ validate
behavior in both LMS and CMS. So, in order to fully test ./xmodule/, we should
run its tests with CMS settings too.

This will enable us to better validate certain LibraryContentBlocks behaviors
being touched by https://github.com/openedx/edx-platform/pull/33263 which can't
be expressed under LMS settings.

Also in this commit:

* refactor: rename the shards to be clear whether they're running under LMS or CMS
* docs: correct comments regarding conditions under which codejail's
   test_cant_do_something_forbidden is skipped.
* test: update a unit test which was using the now-deleted library_sourced block to use
   library_content block instead.
2023-10-19 10:19:28 -04:00

Configuring Capa sandboxed execution
====================================

Capa problems can contain code authored by the course author.  We need to
execute that code in a sandbox.  We use CodeJail as the sandboxing facility,
but it needs to be configured specifically for Capa's use.

As a developer, you don't have to configure sandboxing if you don't want to.
Everything will operate properly, but course-author code will then run without
sandbox protection.

If you want to configure sandboxing, you're going to use the `README from
CodeJail`__, with a few customized tweaks.

__ https://github.com/openedx/codejail/blob/master/README.rst


1. At the instruction to install packages into the sandboxed code, you'll
   need to install the requirements from requirements/edx-sandbox::

    $ pip install -r requirements/edx-sandbox/base.txt

2. You can configure resource limits in settings.py.  The CODE_JAIL setting is
   a dictionary, and its "limits" key lets you adjust the limits for CPU time,
   real time, and memory use.  Setting any of them to zero disables that
   limit::

    # in settings.py...
    CODE_JAIL = {
        # Configurable limits.
        'limits': {
            # How many CPU seconds can jailed code use?
            'CPU': 1,
            # How many real-time seconds will a sandbox survive?
            'REALTIME': 1,
            # How much memory (in bytes) can a sandbox use?
            'VMEM': 30000000,
        },
    }


That's it.  Once you've finished the CodeJail configuration instructions,
your course-hosted Python code should be run securely.
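
Because a zero in step 2 silently turns a limit off, a deployment check can flag it before the settings ship. The following is an added example, not code from edx-platform or CodeJail; ``audit_code_jail_limits`` and the ``WEAK_SETTINGS`` dictionary are hypothetical names constructed for illustration.

```python
# Added example: audit a CODE_JAIL settings dictionary for weak resource limits.
# audit_code_jail_limits and WEAK_SETTINGS are hypothetical, not edx-platform code.

LIMIT_KEYS = ("CPU", "REALTIME", "VMEM")  # the three limits this README describes


def audit_code_jail_limits(code_jail):
    """Return a sorted list of (key, problem) findings for the 'limits' dictionary."""
    limits = code_jail.get("limits")
    if not isinstance(limits, dict):
        return [("limits", "missing or not a dictionary")]
    findings = []
    for key in LIMIT_KEYS:
        if key not in limits:
            # Assumption: an absent key leaves the choice to CodeJail's own default.
            findings.append((key, "not set explicitly"))
            continue
        value = limits[key]
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            findings.append((key, "not an integer"))
        elif value < 0:
            findings.append((key, "negative"))
        elif value == 0:
            findings.append((key, "disabled (zero turns the limit off)"))
    return sorted(findings)


# The values shown in step 2 of this README.
README_SETTINGS = {"limits": {"CPU": 1, "REALTIME": 1, "VMEM": 30000000}}

# Constructed sample: CPU limit switched off, memory limit never configured.
WEAK_SETTINGS = {"limits": {"CPU": 0, "REALTIME": 1}}


if __name__ == "__main__":
    for name, cfg in (("README", README_SETTINGS), ("weak", WEAK_SETTINGS)):
        problems = audit_code_jail_limits(cfg)
        print(name, "OK" if not problems else problems)
```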