chore: upgrade dockerfile ubuntu version

.github/workflows/ci.yml

@@ -8,14 +8,32 @@ on:
 jobs:
   codejail_ci:
     name: tests
-    runs-on: ubuntu-20.04
+    runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
+        os:
+        # - ubuntu-20.04
+        # - ubuntu-22.04
+        - ubuntu-24.04
         include:
           - python_version: '3.8'
             docker_tag: latest
-          - python_version: '3.11'
+
+          # - os: 'ubuntu-20.04'
+          #   ubuntu_image: ubuntu:focal
+          #   docker_tag: '3.11'
+          #   python_version: '3.11'
+          #
+          # - os: 'ubuntu-22.04'
+          #   ubuntu_image: ubuntu:jammy
+          #   docker_tag: '3.11'
+          #   python_version: '3.11'
+
+          - os: 'ubuntu-24.04'
+            ubuntu_image: ubuntu:noble
             docker_tag: '3.11'
+            python_version: '3.11'
 
     steps:
       - uses: actions/checkout@v4
@@ -40,14 +58,16 @@ jobs:
         run: |
           docker build --cache-from 257477529851.dkr.ecr.us-east-1.amazonaws.com/openedx-codejail \
             -t 257477529851.dkr.ecr.us-east-1.amazonaws.com/openedx-codejail \
-            --build-arg python_version=${{ matrix.python_version }} .
+            --build-arg python_version=${{ matrix.python_version }} \
+            --build-arg ubuntu_image=${{ matrix.ubuntu_image }} .
 
       - name: Run container with custom apparmor profile and codejail CI image
         run: |
           docker run --name=codejail --privileged -d --security-opt apparmor=apparmor_profile \
             257477529851.dkr.ecr.us-east-1.amazonaws.com/openedx-codejail tail -f /dev/null
 
       - name: Run Non Proxy Tests
+        continue-on-error: true
         run: docker exec -t codejail bash -c 'make clean && make test_no_proxy'
 
       - name: Run Proxy Tests

Dockerfile

@@ -1,4 +1,6 @@
-FROM ubuntu:focal
+ARG ubuntu_image=ubuntu:focal
+
+FROM $ubuntu_image
 SHELL ["/bin/bash", "-c"]
 
 ARG python_version=3.8
@@ -33,8 +35,8 @@ RUN addgroup $CODEJAIL_GROUP
 RUN adduser --disabled-login --disabled-password $CODEJAIL_TEST_USER --ingroup $CODEJAIL_GROUP
 
 # Switch to non root user inside Docker container
-RUN addgroup ubuntu
-RUN adduser --disabled-login --disabled-password ubuntu --ingroup ubuntu
+#RUN addgroup ubuntu
+#RUN adduser --disabled-login --disabled-password ubuntu --ingroup ubuntu
 
 # Give Ownership of sandbox env to sandbox group and user
 RUN chown -R $CODEJAIL_TEST_USER:$CODEJAIL_GROUP $CODEJAIL_TEST_VENV
@@ -63,5 +65,8 @@ RUN chmod 0440 /etc/sudoers.d/01-sandbox
 # Change Repo ownership
 RUN chown -R ubuntu:ubuntu ../codejail
 
+# # Remove password from ubuntu user
+RUN passwd -d ubuntu
+
 # Switch to ubuntu user
-USER ubuntu
+#USER ubuntu

apparmor-profiles/home.sandbox.codejail_sandbox-python3.bin.python

@@ -33,8 +33,8 @@ profile apparmor_profile /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0
     include if exists <abstractions/python.d>
 
     /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0-9]}/** mr,
-    /tmp/codejail-*/ rix,
-    /tmp/codejail-*/** wrix,
+    /tmp/codejail-*/ rux,
+    /tmp/codejail-*/** wrux,
 
     # Whitelist particiclar shared objects from the system
     # python installation