Ask HN: Secure Python code execution environment
Hello HN. Currently, I am looking into a project where clients could submit external Python code for execution on my server. I assume this project would eventually attract malicious users trying to inflict as much damage as possible. Therefore, I looked for solutions that allowed me to execute Python code in an isolated and secure environment. Initially, I stumbled upon RestrictedPython:
https://restrictedpython.readthedocs.io/en/latest/
However, after reading its documentation:
> RestrictedPython is not a sandbox system or a secured environment, but it helps to define a trusted environment and execute untrusted code inside of it.
and public reviews (as well as reviews on similar approaches [1]), the approach does not seem to satisfy my requirements. After some additional searching, I found a possible dockerized solution:
https://github.com/engineer-man/piston
I want to ask the HN community if anybody has experience in this problem space and what solutions they would suggest. Is the Piston's dockerized approach secure enough to be used in production systems?
I would really appreciate any insights anyone could provide. [1] The failure of pysandbox: https://lwn.net/Articles/574215/