Add a sandbox for Python interpreter

Switch to user "nobody" and set additional limits.
author: Timotej Lazar <timotej.lazar@araneo.org> 2015-10-07 17:25:35 +0200
committer: Timotej Lazar <timotej.lazar@araneo.org> 2015-10-07 17:25:35 +0200
commit: 76cbfe9d620ca66a374b828c011c937918f80c2c (patch)
tree: 8ee165821df9ab46fda38869d1ae856be4efd2c7 /readme.md
parent: b7b4979f03f4d06919e251cfcc24642ccf9407ad (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/readme.md b/readme.md
index a15b4f0..789fc95 100644
--- a/readme.md
+++ b/readme.md
@@ -49,6 +49,17 @@ nodejs
 Run "npm install" inside the codeq-server/web directory to install all
 dependencies (they will be installed inside the web directory)
 
+sandbox
+-------
+
+Go to directory codeq-server/python/runner and run the following commands to
+build the sandbox and set appropriate permissions:
+
+    make sandbox
+    mate terminator
+    sudo setcap cap_setuid,cap_setgid+ep sandbox
+    sudo setcap cap_setuid,cap_setgid+ep terminator
+
 Settings
 ========
author	Timotej Lazar <timotej.lazar@araneo.org>	2015-10-07 17:25:35 +0200
committer	Timotej Lazar <timotej.lazar@araneo.org>	2015-10-07 17:25:35 +0200
commit	76cbfe9d620ca66a374b828c011c937918f80c2c (patch)
tree	8ee165821df9ab46fda38869d1ae856be4efd2c7 /readme.md
parent	b7b4979f03f4d06919e251cfcc24642ccf9407ad (diff)