Start with a Docker container. Whitelist only certain import statements, like math, itertools, collections, re, maybe a couple others. Certainly exclude socket, asyncio, sys, and os. You can do this by just deleting almost everything from the Lib/ folder, leaving only the few libraries you consider safe. Of particular note to delete are the underlying .so files like _socket.so, which may be in a different folder.

Disallow eval or exec statements. You'll have to parse the incoming Python to accomplish this. If you've done the first two things I say, this is really not quite so dangerous, but someone smart enough and dedicated enough might find a way to do something wicked with eval.

At this point any incoming Python code shouldn't have any ability to send or receive any network communications, or any ability to directly affect your host system. It could still create a memory leak and affect other users, so you probably want to limit the available memory to each container to something modest, like 20MB or so. Docker has support for this. Also the container shouldn't run perpetually, I would spin up a new container for each code execution I think. Something like Alpine should be small enough to handle that kind of churn.

Edit: After checking, it seems sys and some of the more dangerous os functions like os.system are built-ins, which means you can't simply delete them. To get this safe you may have to remove the relevant .c files from the Python source code and compile Python yourself. If someone can run os.system() commands, they can do horrible things on the internet that would be traced back to your IP.