anthonygego
commented
1 year ago Does a shared folder, mounted in R/W in grading container, and mounted in RO in student container would fit this need ?
Open augustindelecluse opened 1 year ago
anthonygego
commented
1 year ago Does a shared folder, mounted in R/W in grading container, and mounted in RO in student container would fit this need ?
augustindelecluse
commented
1 year ago I am still unfamiliar to all inginious features and I don't know exactly what's the difference between a grading container and a student container.
It does not exactly fit my needs if I understand correctly your proposal. To give a concrete example, I pull code from a github repository, having this kind of structure:
- data
- src
- main
- testOnce the code has been pulled, I want to lock the data directory in RO and then run the tests. However mounting the data directory would change its path (please correct me if I'm wrong) and the static paths written within the tests would not be correct anymore.
anthonygego
commented
1 year ago run_student launches a new container mounting only /task/student folder, making /task empty for the student code. This is why all the files used for run_student have to be moved into that folder. A selected folder could then be writable for the grading scripts but seen as a read-only folder for anything running inside run_student.
A compromise could be to specify to run_student which directories should become read-only in the student container.
Working with UNIX permissions would require running the containers with different users (we don't run the docker container as root for security reasons and the API is running in user-space, kata can be used if root is needed), which would be more complex to implement and would probably lead to permission issues nightmare to the user. Making this a feature would also totally exclude any support for non-Unix Docker hosts in the future.
augustindelecluse
commented
1 year ago So if I understand correctly, the procedure would be
/task/student (and thus have a /task/student/data directory)run_student to test the code, specifying that data is ROIf so it would fit my needs, yes
Is your feature request related to a problem? Please describe. For several courses, we give instances to students and expect them to give a result related to it (e.g. given a Traveling Salesman Problem instance, find the tiniest detour). However a clever student can try to cheat by modifying the files given as input.
Describe the solution you'd like Ideally, before running the student's code, I would like to say that some directories / files are read-only and cannot change their permission. This way a student will not be able to modify them.
Describe alternatives you've considered Currently we are checking on our side that the files have not been modified. But it makes us write way more tests for something that can be done easily locally (on my computer I can simply
chowna file as root, set it as read-only for everyone and I will not be able to modify it without using being the root).Additional context I am not interested in a solution where this would have to be specified statically in a configuration file but rather as a command within the tasks. Indeed, some instances are pulled from the internet and we don't want to make an update on both side (external ressource + inginious) every time a change occurs for the files. I would like, within a task, to fetch the files, put them as read-only using a command and then launch the test itself.