search

eduNEXT / tutor-contrib-codejail

Tutor plugin that enables execution of untrusted code in secure sandboxes using an external service based on the codejail library.
GNU Affero General Public License v3.0
3 stars 13 forks source link

[BUG] Codejail failing with latest tutor release 14.0.4 #25

Closed mariajgrimaldi closed 1 year ago

mariajgrimaldi commented 2 years ago

Describe the bug The bug described here seems to be back on Nutmeg (Tutor 14.0.4) with the latest plugin (https://github.com/eduNEXT/tutor-contrib-codejail/commit/ce71496fad6491fa4923c00f11b4650589a91e36)

image

image

image

image

To Reproduce Steps to reproduce the behavior:

  1. Install tutor, tutor-contrib-codejail, codejailservice from source
  2. Move to nutmeg branches: nutmeg -for tutor-, 14.0.0 -for codejailservice-, MJG/nutmeg -for tutor-contrib-codejail-
  3. Install plugin
  4. Build images: tutor config save && tutor images build all
  5. Init services: tutor dev init
  6. Follow test instructions here. The error will appear in the course component. Further testing:
  7. Enter container: tutor dev dc run codejailservice bash
  8. Activate environment: source /sandbox/venv/bin/activate
  9. Run python, the same error will appear
mariajgrimaldi commented 2 years ago

I opened this new issue following the latest comments of the latest issue regarding nutmeg support. So we don't generate more noise there.

I haven't been able to reproduce this error in my local environment with ubuntu 20.04 and a nutmeg installation, it works for me with the latest plugin changes.

mariajgrimaldi commented 2 years ago

Hello there @Abdess! I opened this to keep track of your issue, given that the original error was resolved & it was working at the time (and it's currently working for us), we must now figure out what's happening with your installation.

MoisesGSalas commented 2 years ago

Hi @Abdess, if you are still having this issue I would like if you provide a bit more info such as:

Abdess commented 2 years ago

Hello @mariajgrimaldi and @MoisesGSalas

Strange, I think I'd better retry an installation on my side to see if it happens again. To facilitate the investigation, I can provide you a private access to the server. What do you think?

MoisesGSalas commented 2 years ago

Thanks for the offer @Abdess, bu lets leave it as a last resource. Also, keep in mind that the profile does not persist between reboots.

Abdess commented 2 years ago

Hi @Abdess, if you are still having this issue I would like if you provide a bit more info such as:

  • OS version that you are running
  • Docker version
  • Output of the command tutor local init --limit=codejail
  • Output of the command sudo apparmor_status

Ok so :

Creating tutor_local_codejail_apparmor-job_run ... done W0902 15:55:55.173586 1 loader.go:91] No new profiles found. All services initialised.

apparmor module is loaded. 18 profiles are loaded. 14 profiles are in enforce mode. /snap/core/13425/usr/lib/snapd/snap-confine /snap/core/13425/usr/lib/snapd/snap-confine//mount-namespace-capture-helper /usr/lib/snapd/snap-confine /usr/lib/snapd/snap-confine//mount-namespace-capture-helper /usr/sbin/ntpd docker-default docker-edx-sandbox docker-edx-sandbox//child lsb_release nvidia_modprobe nvidia_modprobe//kmod snap-update-ns.certbot snap-update-ns.core snap.core.hook.configure 4 profiles are in complain mode. snap.certbot.certbot snap.certbot.hook.configure snap.certbot.hook.prepare-plug-plugin snap.certbot.renew 41 processes have profiles defined. 41 processes are in enforce mode. /usr/sbin/ntpd (645) /sbin/tini (3897) docker-default /usr/bin/caddy (4275) docker-default /usr/sbin/mysqld (4277) docker-default /usr/sbin/exim4 (4404) docker-default /usr/bin/caddy (4614) docker-default /usr/bin/mongod (4719) docker-default /tini (5207) docker-default /usr/local/bin/redis-server (5274) docker-default /usr/share/elasticsearch/jdk/bin/java (5358) docker-default /usr/bin/dash (5502) docker-default /openedx/venv/bin/uwsgi (5630) docker-default /openedx/venv/bin/uwsgi (5636) docker-default /usr/bin/dash (5721) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (5729) docker-default /openedx/venv/bin/uwsgi (5835) docker-default /openedx/venv/bin/uwsgi (5840) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (5893) docker-default /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller (6142) docker-default /openedx/venv/bin/uwsgi (6509) docker-default /openedx/venv/bin/uwsgi (6530) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6552) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6553) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6555) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6557) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6558) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6566) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6570) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6571) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6572) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6573) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6574) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6575) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6582) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6584) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6586) docker-default /opt/pyenv/versions/3.8.12/bin/python3.8 (6588) docker-default /usr/bin/dash (4717) docker-edx-sandbox /openedx/venv/bin/uwsgi (5155) docker-edx-sandbox /openedx/venv/bin/uwsgi (5164) docker-edx-sandbox /openedx/venv/bin/uwsgi (5350) docker-edx-sandbox 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.

Abdess commented 2 years ago

Feel free to ask me for as much information as you want, I will be available to provide it to you.

mariajgrimaldi commented 1 year ago

@Abdess: hello again! Sorry for the delayed response.

Do you keep getting this error in your installation? 🤔

Abdess commented 1 year ago

Hi @mariajgrimaldi glad you asked the question. :) Also, I apologize for the delay in my reply.

Just tested with the latest updates. I still get the same error. 🤔

EDIT: I update to olive and keep you informed. 👍

UPDATE:

Result :

image

🤔

MaferMazu commented 1 year ago

@Abdess, thanks for the information; we created a card in our backlog to review for the next sprints.

MaferMazu commented 1 year ago

Can we put this issue in the next sprints? @Alec4r @santiagosuarezedunext

luisfelipec95 commented 1 year ago

An attempt was made to replicate the error by following the following steps:

Based on the example of loncapa problems: https://github.com/eduNEXT/tutor-contrib-codejail/blob/main/docs/resources/course_codejail_example.tar.gz. The error could not be replicated; the issue will be closed. If the problem persists, please open a new one.

MaferMazu commented 1 year ago

@Abdess, sorry for the late response.

As @luisfelipec95 said, we couldn't replicate the error; we tested codejail locally and in several productive environments.

My first suspect was that you probably don't have encodings installed, but I already tried it, and you don't need something special to use the encoding package. Reading more carefully in your logs, they said that you don't have the PYTHONHOME or PYTHONPATH, but I was looking for those variables in this plugin and the services to see what happened in the code, and I didn't find them.

I suggest you two things: