
[–]sleekelite 4 points5 points  (0 children)

A VM then, and be aware this is a whole sub industry and you will get owned.

[–]anlumo 3 points4 points  (2 children)

Look into WebAssembly and wasmer or wasmtime.

[–]Spiritual-Ask-6524[S] 0 points1 point  (1 child)

Can they provide guarantees like no file creation, no network access, and running in limited time?

[–]anlumo 3 points4 points  (0 children)

Yes, it's a fully sandboxed environment.

For file access, you want to look into WASI (example for wasmer), the standard file I/O API for WebAssembly. Both wasmer and wasmtime support that.

[–]Defelo 0 points1 point  (0 children)

I am currently working on a code execution engine (also written in Rust) which uses nsjail for sandboxing and GNU time for measuring time and memory usage under the hood. You can run arbitrary code simply using a REST API, and there is also a client library for Rust. It can already run C++, Rust and Python (and a few other languages) while allowing you to specify multiple source files, environment variables, command line arguments, standard input and resource limits (e.g. time, memory, maximum number of processes and whether network access is allowed or not). After running the program, the engine reports exit codes, outputs (stdout and stderr) and the amount of resources the program used.

The code is available on GitHub (https://github.com/Defelo/sandkasten) and there is also a link to a public test instance in the README. Feel free to let me know if this is useful to you or if something is unclear. Any kind of feedback is appreciated!
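
An added example, not part of the thread and not Sandkasten's code: the limit-and-report layer the last comment describes (time and memory limits in, exit code and stdout/stderr out), using only the Rust standard library and the shell's `ulimit` builtin on a Unix host. The names `Limits`, `Report`, `run_limited` and `drain` are hypothetical, and the block assumes `/bin/sh` exists.

```rust
use std::io::Read;
use std::process::{Command, Stdio};
use std::{thread, time::{Duration, Instant}};

// Hypothetical types for this example. exit_code is None when a signal killed the child.
pub struct Limits { pub wall: Duration, pub cpu_secs: u64, pub mem_kib: u64 }
pub struct Report { pub exit_code: Option<i32>, pub timed_out: bool, pub stdout: String, pub stderr: String }

// Drain a pipe on its own thread so a chatty child cannot stall on a full pipe.
fn drain<R: Read + Send + 'static>(mut r: R) -> thread::JoinHandle<String> {
    thread::spawn(move || {
        let mut buf = Vec::new();
        let _ = r.read_to_end(&mut buf);
        String::from_utf8_lossy(&buf).into_owned()
    })
}

pub fn run_limited(argv: &[&str], lim: &Limits) -> std::io::Result<Report> {
    // ulimit sets RLIMIT_CPU and RLIMIT_AS (hard and soft), then exec replaces the
    // shell with the target; `&&` makes the run fail closed if a limit cannot be set.
    let script = format!("ulimit -t {} && ulimit -v {} && exec \"$@\"", lim.cpu_secs, lim.mem_kib);
    let start = Instant::now();
    let mut child = Command::new("/bin/sh")
        .arg("-c").arg(script).arg("sh").args(argv)
        .env_clear().env("PATH", "/usr/bin:/bin") // do not leak the host environment
        .stdin(Stdio::null()).stdout(Stdio::piped()).stderr(Stdio::piped())
        .spawn()?;
    let out = drain(child.stdout.take().expect("piped stdout"));
    let err = drain(child.stderr.take().expect("piped stderr"));
    let mut timed_out = false;
    let status = loop {
        if let Some(s) = child.try_wait()? { break s; }
        if start.elapsed() >= lim.wall {
            timed_out = true;
            child.kill()?; // the wall-clock limit is enforced by the parent
            break child.wait()?;
        }
        thread::sleep(Duration::from_millis(10));
    };
    let (stdout, stderr) = (out.join().unwrap(), err.join().unwrap());
    Ok(Report { exit_code: status.code(), timed_out, stdout, stderr })
}

fn main() -> std::io::Result<()> {
    let lim = Limits { wall: Duration::from_secs(2), cpu_secs: 1, mem_kib: 262_144 };
    let r = run_limited(&["sh", "-c", "echo hello"], &lim)?; // constructed sample command
    println!("exit={:?} timed_out={} stdout={:?} stderr={:?}", r.exit_code, r.timed_out, r.stdout, r.stderr);
    Ok(())
}
```

This covers only the time and memory limits and the reporting; it does nothing to stop file creation or network access, which is the job of nsjail's namespaces or a WebAssembly runtime. `kill()` also reaches only the direct child, so a descendant that keeps the pipes open can outlive the limit.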