Using python for writing models: How to run models in restricted python mode?
Jean-Paul Calderone
exarkun at divmod.com
Mon Nov 7 16:35:25 EST 2005
On 7 Nov 2005 12:54:40 -0800, vinjvinj <vinjvinj at gmail.com> wrote:
>I have an application which allows multiple users to write models.
>These models get distributed on a grid of compute engines. users submit
>their models through a web interface. I want to
>
>1. restrict the user from doing any file io, exec, import, eval, etc. I
>was thinking of writing a plugin for pylint to do all the checks? Is
>this is a good way given that there is no restricted python. What are
>the things I should serach for in python code
>
>2. restrict the amount of memory a module uses as well. For instance
>how can I restrict a user from doing a = range(10000000000) or similar
>tasks so that my whole compute farm does not come down.
There is currently no way to do either of these things. The most realistic approach at this time seems to be to rely on your operating system's capabilities to limit resource access and usage on a per-process. That is, run each piece of submitted code in a separate, unprivileged process, with the appropriate limits in place.
Jean-Paul
More information about the Python-list
mailing list