All the sites that allow users to execute code (for example codecademy.com, repl.it, codewars.com, qualified.io) use virtualization to create virtual environments for the code execution.
Environments have to be isolated and have to be limited - we don’t want users to play with other users’ codebases, or worse - with our infrastructure, right? So containers and virtual machines are being used.
For example, qualified.io has a Docker registry with an image for each language they support, you can find the images here → Docker Hub. So whenever they have to run the code that was submitted by the user:
- they pick the right image;
- they create a container based on this image;
- they run some preprocessing tasks;
- they copy the code files into the container;
- they execute the script;
- they gather the output from the script itself and the defined tests;
- they kill the container.
The repository of the code runner that was used by the remoteinterview.io project is here → GitHub - remoteinterview/compilebox: Compile and run user-submitted code in a docker based sandbox. This repository should be archived by now; it’s not maintained. And this claim:
The system will test the code in an isolated environment. This way you do not have to worry about untrusted code possibly damaging your server intentionally or unintentionally.
is simply misleading. You should always be wary when you execute untrusted code. There is always a possibility of finding an escape from the virtualization, and giving the user access to the host machine is the worst-case scenario.
Nonetheless, it shows how the code runners operate, so it might be the right resource for you.
Another example of a similar service (with exactly the same caveat) → GitHub - StepicOrg/epicbox: Run untrusted code in secure Docker based sandboxes.
So, is that a real system? Yes. But with a few layers of virtualization, isolation, and other security layers.
To learn more about containers and their use with untrusted code, I would suggest searching using these keywords:
- Kata containers;
- sandboxed containers.
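The run cycle listed above (pick the image, create the container, copy the code in, execute, gather output, kill the container), sketched as an added example that is not taken from qualified.io, compilebox or epicbox. The image tags, file names, limits and the `runtime` parameter are assumptions; the Docker flags only narrow what the container can reach on a shared host kernel, which is why a sandboxed runtime such as Kata can be passed in as an extra layer.

```python
import os
import subprocess
import tempfile
import uuid
from pathlib import Path

# Constructed language table: image tags, file names and commands are placeholders.
IMAGES = {
    "python": ("python:3.12-slim", "main.py", ["python", "/code/main.py"]),
    "node": ("node:20-slim", "main.js", ["node", "/code/main.js"]),
}

def build_run_argv(language, code_dir, name, runtime=None):
    """Pick the image and describe a locked-down, throwaway container for it."""
    image, _, command = IMAGES[language]  # KeyError: unsupported language
    argv = [
        "docker", "run", "--rm", "--name", name,
        "--network", "none",                    # no network access
        "--read-only",                          # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=16m",
        "--cap-drop", "ALL",                    # no Linux capabilities
        "--security-opt", "no-new-privileges",
        "--user", "65534:65534",                # unprivileged uid:gid
        "--memory", "128m", "--memory-swap", "128m",
        "--cpus", "0.5",
        "--pids-limit", "64",                   # bounds fork bombs
        "--volume", f"{code_dir}:/code:ro",     # submission mounted read-only
    ]
    if runtime:  # name of a sandboxed runtime registered with the Docker daemon
        argv += ["--runtime", runtime]
    return argv + [image, *command]

def run_submission(language, source, timeout=10, runtime=None):
    """Copy the code in, execute it, gather output, kill the container on timeout."""
    name = f"runner-{uuid.uuid4().hex}"
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o755)                    # readable by the container user
        path = Path(tmp, IMAGES[language][1])
        path.write_text(source)
        path.chmod(0o644)
        argv = build_run_argv(language, tmp, name, runtime)
        try:
            done = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
            return done.returncode, done.stdout, done.stderr
        except subprocess.TimeoutExpired:
            # Killing the CLI client does not stop the container, so kill it by name.
            subprocess.run(["docker", "kill", name], capture_output=True)
            return None, "", "timed out"
```

`run_submission` needs a local Docker daemon; `build_run_argv` can be inspected without one.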