From 76cbfe9d620ca66a374b828c011c937918f80c2c Mon Sep 17 00:00:00 2001
From: Timotej Lazar <timotej.lazar@araneo.org>
Date: Wed, 7 Oct 2015 17:25:35 +0200
Subject: Add a sandbox for Python interpreter

Switch to user "nobody" and set additional limits.
---
 readme.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'readme.md')

diff --git a/readme.md b/readme.md
index a15b4f0..789fc95 100644
--- a/readme.md
+++ b/readme.md
@@ -49,6 +49,17 @@ nodejs
 Run "npm install" inside the codeq-server/web directory to install all
 dependencies (they will be installed inside the web directory)
 
+sandbox
+-------
+
+Go to directory codeq-server/python/runner and run the following commands to
+build the sandbox and set appropriate permissions:
+
+    make sandbox
+    mate terminator
+    sudo setcap cap_setuid,cap_setgid+ep sandbox
+    sudo setcap cap_setuid,cap_setgid+ep terminator
+
 Settings
 ========
 
-- 
cgit v1.2.1