openedx · MoisesGSalas · Nov 21, 2024 · Nov 21, 2024 · Nov 21, 2024 · Nov 21, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,26 +12,25 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        python_version: ['3.11', '3.12']
+        ubuntu_version: ['20.04','22.04','24.04']
         include:
-          - python_version: '3.11'
-            ubuntu_version: '20.04'
+          - ubuntu_version: '20.04'
             os: "ubuntu-20.04"
-          - python_version: '3.11'
-            ubuntu_version: '22.04'
+          - ubuntu_version: '22.04'
             os: "ubuntu-22.04"
-          - python_version: '3.11'
-            ubuntu_version: '24.04'
+          - ubuntu_version: '24.04'
             os: "ubuntu-24.04"
 
     steps:
       - uses: actions/checkout@v4
       - name: Parse custom apparmor profile with default feature ABI
         if: ${{ matrix.ubuntu_version == '20.04' }}
-        run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail_sandbox-python3.bin.python-default-abi
+        run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail-sandbox-venv.bin.python-default-abi
 
       - name: Parse custom apparmor profile with ABI 3.0
         if: ${{ matrix.ubuntu_version != '20.04' }}
-        run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail_sandbox-python3.bin.python-abi3
+        run: sudo apparmor_parser -r -W apparmor-profiles/home.sandbox.codejail-sandbox-venv.bin.python-abi3
 
       - name: Build latest code changes into CI image
         run: |

diff --git a/Dockerfile b/Dockerfile
@@ -10,21 +10,27 @@ ENV TZ=Etc/UTC
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y software-properties-common
 RUN add-apt-repository -y ppa:deadsnakes/ppa && apt-get update && apt-get upgrade -y
-RUN apt-get install -y vim python${python_version} python${python_version}-dev python${python_version}-distutils
-RUN apt-get install -y sudo git make curl build-essential
-RUN curl -sS https://bootstrap.pypa.io/get-pip.py | python${python_version}
-RUN pip install virtualenv
+RUN apt-get install -y \
+    vim \
+    python${python_version} \
+    python${python_version}-dev \
+    python${python_version}-venv \
+    sudo \
+    git \
+    make \
+    curl \
+    build-essential
 
 # Define Environment Variables
 ENV CODEJAIL_GROUP=sandbox
 ENV CODEJAIL_SANDBOX_CALLER=ubuntu
 ENV CODEJAIL_TEST_USER=sandbox
-ENV CODEJAIL_TEST_VENV=/home/sandbox/codejail_sandbox-python${python_version}
+ENV CODEJAIL_TEST_VENV=/home/sandbox/codejail-sandbox-venv
 
 # Create Virtualenv for sandbox user
-RUN virtualenv -p python${python_version} --always-copy $CODEJAIL_TEST_VENV
+RUN python${python_version} -m venv --copies $CODEJAIL_TEST_VENV
 
-RUN virtualenv -p python${python_version} venv
+RUN python${python_version} -m venv venv
 ENV VIRTUAL_ENV=/venv
 
 # Add venv/bin to path
@@ -51,20 +57,23 @@ RUN chown -R $CODEJAIL_TEST_USER:$CODEJAIL_GROUP $CODEJAIL_TEST_VENV
 WORKDIR /codejail
 
 # Clone Requirement files
+COPY ./requirements/pip.txt /codejail/requirements/pip.txt
 COPY ./requirements/sandbox.txt /codejail/requirements/sandbox.txt
 COPY ./requirements/testing.txt /codejail/requirements/testing.txt
 
 # Install codejail_sandbox sandbox dependencies
 RUN source $CODEJAIL_TEST_VENV/bin/activate && pip install -r /codejail/requirements/sandbox.txt && deactivate
 
 # Install testing requirements in parent venv
-RUN pip install -r /codejail/requirements/sandbox.txt && pip install -r /codejail/requirements/testing.txt
+RUN pip install -r /codejail/requirements/pip.txt && \
+    pip install -r /codejail/requirements/sandbox.txt && \
+    pip install -r /codejail/requirements/testing.txt
 
 # Clone Codejail Repo
 COPY . /codejail
 
 # Setup sudoers file
-COPY sudoers-file/01-sandbox-python-${python_version} /etc/sudoers.d/01-sandbox
+COPY sudoers-file/01-sandbox-python /etc/sudoers.d/01-sandbox
 
 # Change Sudoers file permissions
 RUN chmod 0440 /etc/sudoers.d/01-sandbox

diff --git a/Makefile b/Makefile
@@ -47,5 +47,7 @@ isort: ## apply automatic import sorting
 requirements: dev-requirements
 
 dev-requirements:
+	pip install -q -r requirements/pip.txt
+	pip install -q -r requirements/pip_tools.txt
 	pip install -r requirements/sandbox.txt
 	pip install -r requirements/development.txt
diff --git a/....codejail_sandbox-python3.bin.python-abi3 → ...box.codejail-sandbox-venv.bin.python-abi3 b/....codejail_sandbox-python3.bin.python-abi3 → ...box.codejail-sandbox-venv.bin.python-abi3
@@ -1,6 +1,6 @@
 abi <abi/3.0>,
 #include <tunables/global>
-profile apparmor_profile /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0-9]}/bin/python {
+profile apparmor_profile /home/sandbox/codejail-sandbox-venv/bin/python {
     #include <abstractions/base>
     #include <abstractions/python>
 
@@ -42,7 +42,7 @@ profile apparmor_profile /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0
     # Include additions to the abstraction
     include if exists <abstractions/python.d>
 
-    /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0-9]}/** mr,
+    /home/sandbox/codejail-sandbox-venv/** mr,
     /tmp/codejail-*/ rix,
     /tmp/codejail-*/** wrix,
 

diff --git a/...il_sandbox-python3.bin.python-default-abi → ...ejail-sandbox-venv.bin.python-default-abi b/...il_sandbox-python3.bin.python-default-abi → ...ejail-sandbox-venv.bin.python-default-abi
@@ -1,5 +1,5 @@
 #include <tunables/global>
-profile apparmor_profile /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0-9]}/bin/python {
+profile apparmor_profile /home/sandbox/codejail-sandbox-venv/bin/python {
     #include <abstractions/base>
     #include <abstractions/python>
 
@@ -41,7 +41,7 @@ profile apparmor_profile /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0
     # Include additions to the abstraction
     include if exists <abstractions/python.d>
 
-    /home/sandbox/codejail_sandbox-python{3.[0-9],3.[1-9][0-9]}/** mr,
+    /home/sandbox/codejail-sandbox-venv/** mr,
     /tmp/codejail-*/ rix,
     /tmp/codejail-*/** wrix,
 

diff --git a/sudoers-file/01-sandbox-python-3.11 → sudoers-file/01-sandbox-python b/sudoers-file/01-sandbox-python-3.11 → sudoers-file/01-sandbox-python
@@ -1,7 +1,7 @@
-ubuntu ALL=(sandbox) SETENV:NOPASSWD:/home/sandbox/codejail_sandbox-python3.11/bin/python
+ubuntu ALL=(sandbox) SETENV:NOPASSWD:/home/sandbox/codejail-sandbox-venv/bin/python
 ubuntu ALL=(sandbox) SETENV:NOPASSWD:/usr/bin/find
 ubuntu ALL=(ALL) NOPASSWD:/usr/bin/pkill
 
-Defaults!/home/sandbox/codejail_sandbox-python3.11/bin/python !requiretty
+Defaults!/home/sandbox/codejail-sandbox-venv/bin/python !requiretty
 Defaults!/usr/bin/find !requiretty
 Defaults!/usr/bin/pkill !requiretty