Releases: jcrodriguez-dis/vpl-jail-system
VPL-JAIL-SYSTEM V4.0.4
VPL Jail System 4.0.4 Release Notes
Version 4.0.4 is a bug-fix release that addresses issues and includes minor improvements to enhance system stability and performance.
Bug Fixes
- XML Encoder Compatibility: Improved the XML encoder for better compatibility with various systems.
- UTF-8 Parser Robustness: Enhanced the UTF-8 parser to eliminate invalid code points, improving compatibility.
- Home Directory Cleanup: Fixed a bug introduced in 4.0.3 that prevented the removal of files and directories with unusual names when eliminating the user home directory.
- QueryString checking: Fixed bug parsing queryString. This bug was preventing the request of private browsing mode for web apps.
- YUM Package Manager Support: Restored support for the yum package manager to keep compatibility with Linux distributions that use it. The installation process will use the same package list as the DNF package manager.
- Bash Script Newline Handling: Standardized newline characters in Bash scripts by normalizing script code to use \n, improving script execution reliability.
- Typographical Correction: Corrected a long-standing typo by replacing "seg" with the correct abbreviation for seconds, "sec."
This release is recommended for all users to enhance compatibility and robustness.
VPL Jail System 4.0.3 Release Notes
The 4.0.3 version includes critical security fixes. Updates should be made immediately following the instructions below.
This document outlines fixes and improvements introduced in the VPL Jail System since version 3.0.1. The highlights of these changes include critical security fixes and the introduction of Docker support, among other significant improvements.
Server Bug Fixes
- Critical security flaw:
  - This critical bug requires updating your VPL Jail System to the latest version immediately. The update requires using a machine with a freshly installed operating system. Remember to save your configuration file and certificates before completing the update.
  - If you are currently using the security parameters URLPATH and/or TASK_ONLY_FROM in your VPL Jail Server's configuration, you are better protected against an attack. If you are not using these parameters, you may implement them as an immediate protection measure before updating. See VPL Jail System security parameters.
- Fixed JSON encoding of control codes < 32.
- Standardized JSONRPC to use three parameters while maintaining backward compatibility for two parameters.
- Fixed a bug in checking repeated parameters.
- Fixed a bug in control of log levels.
- Fixed an important bug that prevented waiting for the retrieval action before cleaning task information.
Docker Support
- Auto-detection of containerized environments.
- Capability to run the jail server inside a container, both in privileged and non-privileged modes.
- Includes three Dockerfiles for various configurations:
  - Dockerfile.no_https: HTTP without HTTPS support.
  - Dockerfile: HTTP and HTTPS support.
  - Dockerfile.letsencrypt: HTTP and HTTPS with Let's Encrypt certificates.
- Three Compose files (compose.no_https.yaml, compose.yaml, compose.letsencrypt.yaml) corresponding to the Dockerfiles.
- Non-privileged mode set as default.
VPL Jail System Images Available on Docker Hub
You can access built images of the VPL Jail System running on different operating systems. The official account that distributes these images is jcrodriguezvpl. There is a repository for each operating system. These images have been built with the VPL Jail System installed along with a full suite of development software. For example, one of the repositories is jail-fedora-full.
Server Enhancements
- Added the ability to start the server in foreground mode, suitable for containerized environments.
- Introduced support for challenge mode for Let's Encrypt certificate management. Available using the new CERTBOT_WEBROOT_PATH configuration parameter to support certbot.
- Allows running while waiting for certificates.
- Environment Variable Support: Configuration parameters from environment variables now take precedence over the config file. Environment variables should be prefixed with VPL_JAIL_, followed by the config parameter name.
  - Example: export VPL_JAIL_PORT=8000 to set the PORT parameter.
- Added an experimental script to automatically update the software by fetching the latest version from GitHub and applying updates if needed.
Installer Updates
- Introduced new command-line options for the installer:
  - help: Display help information.
  - update: Update the VPL Jail System server software.
  - start: Start the VPL Jail System service post-installation.
  - noninteractive: Enable installation without user interaction.
  - [inst_level]: Set installation level (minimum, basic, standard, full).
  - list: Show packages to be installed per [inst_level].
  - Examples of installer launch:
    - ./install-vpl.sh update: Update server software.
    - ./install-vpl.sh standard noninteractive start: Non-interactive installation of standard packages and start the server.
    - ./install-vpl.sh full: Interactive installation of all development packages.
- Added Rust programming language support.
- Added .NET packages, enabling support for C#, F#, and Visual Basic .NET. C# on Mono remains available if .NET is not installed.
- Expanded package manager support to APT, DNF, and APK, increasing compatibility with various Linux distributions. YUM support has been discontinued.
- Package Customization: Extracted the list of packages to install to separate files, allowing for better customization. These files are located in the package_files directory.
Running Tasks Enhancement
- VNC Launching Enhancements:
  - Fixes and improvements in the VNC launch process.
  - Confirmed functionality on Fedora, Ubuntu, Debian, and Alpine distributions.
- Terminal and Task Execution Changes:
  - Modified running tasks terminal behavior to use only newline as the end-of-line character.
  - Removed local echo in evaluations.
Other Improvements and Fixes
- Improved testing by performing syntax checks for bash scripts.
- Fixed a typo in the name of CERTBOT.
- Enhanced the installer to support command line options in any order.
Compatibility and Requirements
- Operating System: VPL Jail System requires a Linux operating system.
- Service Manager: The host system may use either systemd or System V as a service manager, or Docker.
- Package Manager: The installer requires APK, APT, or DNF package managers to install common development software.
- Compilation Requirements: The system is distributed in source format and requires a C++ compiler (supporting C++11) and the OpenSSL library for compilation.
- Tested Environments: The current version has been tested on various Linux distributions, including Alpine, Ubuntu, Debian, and Fedora.
VPL-JAIL-SYSTEM V4.0.3
VPL Jail System 4.0.3 Release Notes
The 4.0.3 version includes critical security fixes. Updates should be made immediately following the instructions below.
This document outlines fixes and improvements introduced in the VPL Jail System since version 3.0.1. The highlights of these changes include critical security fixes and the introduction of Docker support, among other significant improvements.
Server Bug Fixes
- Critical security flaw:
  - This critical bug requires updating your VPL Jail System to the latest version immediately. The update requires using a machine with a freshly installed operating system. Remember to save your configuration file and certificates before completing the update.
  - If you are currently using the security parameters URLPATH and/or TASK_ONLY_FROM in your VPL Jail Server's configuration, you are better protected against an attack. If you are not using these parameters, you may implement them as an immediate protection measure before updating. See VPL Jail System security parameters.
- Fixed JSON encoding of control codes < 32.
- Standardized JSONRPC to use three parameters while maintaining backward compatibility for two parameters.
- Fixed a bug in checking repeated parameters.
- Fixed a bug in control of log levels.
- Fixed an important bug that prevented waiting for the retrieval action before cleaning task information.
Docker Support
- Auto-detection of containerized environments.
- Capability to run the jail server inside a container, both in privileged and non-privileged modes.
- Includes three Dockerfiles for various configurations:
  - Dockerfile.no_https: HTTP without HTTPS support.
  - Dockerfile: HTTP and HTTPS support.
  - Dockerfile.letsencrypt: HTTP and HTTPS with Let's Encrypt certificates.
- Three Compose files (compose.no_https.yaml, compose.yaml, compose.letsencrypt.yaml) corresponding to the Dockerfiles.
- Non-privileged mode set as default.
VPL Jail System Images Available on Docker Hub
You can access built images of the VPL Jail System running on different operating systems. The official account that distributes these images is jcrodriguezvpl. There is a repository for each operating system. These images have been built with the VPL Jail System installed along with a full suite of development software. For example, one of the repositories is jail-fedora-full.
Server Enhancements
- Added the ability to start the server in foreground mode, suitable for containerized environments.
- Introduced support for challenge mode for Let's Encrypt certificate management. Available using the new CERTBOT_WEBROOT_PATH configuration parameter to support certbot.
- Allows running while waiting for certificates.
- Environment Variable Support: Configuration parameters from environment variables now take precedence over the config file. Environment variables should be prefixed with VPL_JAIL_, followed by the config parameter name.
  - Example: export VPL_JAIL_PORT=8000 to set the PORT parameter.
- Added an experimental script to automatically update the software by fetching the latest version from GitHub and applying updates if needed.
Installer Updates
- Introduced new command-line options for the installer:
  - help: Display help information.
  - update: Update the VPL Jail System server software.
  - start: Start the VPL Jail System service post-installation.
  - noninteractive: Enable installation without user interaction.
  - [inst_level]: Set installation level (minimum, basic, standard, full).
  - list: Show packages to be installed per [inst_level].
  - Examples of installer launch:
    - ./install-vpl.sh update: Update server software.
    - ./install-vpl.sh standard noninteractive start: Non-interactive installation of standard packages and start the server.
    - ./install-vpl.sh full: Interactive installation of all development packages.
- Added Rust programming language support.
- Added .NET packages, enabling support for C#, F#, and Visual Basic .NET. C# on Mono remains available if .NET is not installed.
- Expanded package manager support to APT, DNF, and APK, increasing compatibility with various Linux distributions. YUM support has been discontinued.
- Package Customization: Extracted the list of packages to install to separate files, allowing for better customization. These files are located in the package_files directory.
Running Tasks Enhancement
- VNC Launching Enhancements:
  - Fixes and improvements in the VNC launch process.
  - Confirmed functionality on Fedora, Ubuntu, Debian, and Alpine distributions.
- Terminal and Task Execution Changes:
  - Modified running tasks terminal behavior to use only newline as the end-of-line character.
  - Removed local echo in evaluations.
Other Improvements and Fixes
- Improved testing by performing syntax checks for bash scripts.
- Fixed a typo in the name of CERTBOT.
- Enhanced the installer to support command line options in any order.
Compatibility and Requirements
- Operating System: VPL Jail System requires a Linux operating system.
- Service Manager: The host system may use either systemd or System V as a service manager, or Docker.
- Package Manager: The installer requires APK, APT, or DNF package managers to install common development software.
- Compilation Requirements: The system is distributed in source format and requires a C++ compiler (supporting C++11) and the OpenSSL library for compilation.
- Tested Environments: The current version has been tested on various Linux distributions, including Alpine, Ubuntu, Debian, and Fedora.
VPL-JAIL-SYSTEM V4.0.2
VPL Jail System 4.0.2 Release Notes
This document outlines the key changes introduced in VPL Jail System since version 3.0.1. The highlight of these changes is the introduction of Docker support, among other significant improvements and fixes.
Docker Support
- Auto-detection of containerized environments.
- Capability to run the jail server inside a container, both in privileged and non-privileged modes.
- Includes three Dockerfiles for various configurations:
  - Dockerfile.no_https: HTTP without HTTPS support.
  - Dockerfile: HTTP and HTTPS support.
  - Dockerfile.letsencrypt: HTTP and HTTPS with Let's Encrypt certificates.
- Three Compose files (compose.no_https.yaml, compose.yaml, compose.letsencrypt.yaml) corresponding to the Dockerfiles.
Server Enhancements
- Fixed JSON encoding of control codes < 32.
- Added ability to start the server in foreground mode, suitable for containerized environments.
- Standardized JSONRPC to use 3 parameters, while maintaining backward compatibility for 2 parameters.
- Introduced support for challenge mode for Let's Encrypt certificate management. Available using the new CERTBOT_WEBROOT_PATH configuration parameter to support certbot.
- Allows running while waiting for certificates.
- Environment Variable Support. Configuration parameters from environment variables now take precedence over the config file. Environment variables should be prefixed with VPL_JAIL_, followed by the config parameter name.
  - Example: export VPL_JAIL_PORT=8000 to set the PORT parameter.
Installer Updates
- Introduced new command-line options for the installer:
  - help: Display help information.
  - update: Update the VPL-Jail-System server software.
  - start: Start the VPL-Jail-System service post-installation.
  - noninteractive: Enable installation without user interaction.
  - [inst_level]: Set installation level (minimum, basic, standard, full).
  - list: Show packages to be installed per [inst_level].
  - Examples of installer launch:
    - ./install-vpl.sh update: Update server software.
    - ./install-vpl.sh standard noninteractive start: Non-interactive installation of standard packages and start the server.
    - ./install-vpl.sh full: Interactive installation of all development packages.
- Added Rust programming language support.
- Added .NET packages, enabling support for C#, F#, and Visual Basic .NET. C# on Mono remains available.
- Expanded package manager support to APT, DNF, and APK, increasing the compatibility with various Linux distributions. YUM support has been discontinued.
- Package Customization. Extracted the list of packages to install to separate files, allowing for better customization. These files are located in the package_files directory.
Running Tasks enhancement
- VNC Launching Enhancements:
  - Fixes and improvements in VNC launch process.
  - Confirmed functionality on Fedora, Ubuntu, Debian, and Alpine distributions.
- Terminal and Task Execution Changes:
  - Modified running tasks terminal behavior to use only newline as the end-of-line character.
  - Removed local echo in evaluations.
Other Improvements and fixes
- Improved testing by performing syntax checks for bash scripts.
- This update fixes a typo in the name of CERTBOT
- The installer has been enhanced to support command line options in any order.
VPL-JAIL-SYSTEM V4.0.1
VPL Jail System 4.0.1 Release Notes
This update introduces minor improvements over the previous version, 4.0.0.
Installer Updates
- Added .NET packages, enabling support for C#, F#, and Visual Basic .NET. C# on Mono remains available.
- The installer has been enhanced to support command line options in any order.
Other Improvements
- Improved testing by performing syntax checks for bash scripts.
V4.0.0
VPL Jail System 4.0.0 Release Notes
This document outlines the key changes introduced in VPL Jail System 4.0.0, since the previous version 3.0.1. The highlight of this release is the introduction of Docker support, among other significant improvements and fixes.
Docker Support
- Auto-detection of containerized environments.
- Capability to run the jail server inside a container, both in privileged and non-privileged modes.
- Includes three Dockerfiles for various configurations:
  - Dockerfile.no_https: HTTP without HTTPS support.
  - Dockerfile: HTTP and HTTPS support.
  - Dockerfile.letsencrypt: HTTP and HTTPS with Let's Encrypt certificates.
- Three Compose files (compose.no_https.yaml, compose.yaml, compose.letsencrypt.yaml) corresponding to the Dockerfiles.
Server Enhancements
- Fixed JSON encoding of control codes < 32.
- Added ability to start the server in foreground mode, suitable for containerized environments.
- Standardized JSONRPC to use 3 parameters, while maintaining backward compatibility for 2 parameters.
- Introduced support for challenge mode for Let's Encrypt certificate management. Available using the new CERBOT_WEBROOT_PATH configuration parameter to support certbot.
- Allows running while waiting for certificates.
- Environment Variable Support. Configuration parameters from environment variables now take precedence over the config file. Environment variables should be prefixed with VPL_JAIL_, followed by the config parameter name.
  - Example: export VPL_JAIL_PORT=8000 to set the PORT parameter.
Installer Updates
- Introduced new command-line options for the installer:
  - help: Display help information.
  - update: Update the VPL-Jail-System server software.
  - start: Start the VPL-Jail-System service post-installation.
  - noninteractive: Enable installation without user interaction.
  - [inst_level]: Set installation level (minimum, basic, standard, full).
  - list: Show packages to be installed per [inst_level].
  - Examples of installer launch:
    - ./install-vpl.sh update: Update server software.
    - ./install-vpl.sh standard noninteractive start: Non-interactive installation of standard packages and start the server.
    - ./install-vpl.sh full: Interactive installation of all development packages.
- Added Rust programming language support.
- Expanded package manager support to APT, DNF, and APK, increasing the compatibility with various Linux distributions. YUM support has been discontinued.
- Package Customization. Extracted the list of packages to install to separate files, allowing for better customization. These files are located in the package_files directory.
Running Tasks enhancement
- VNC Launching Enhancements:
  - Fixes and improvements in VNC launch process.
  - Confirmed functionality on Fedora, Ubuntu, Debian, and Alpine distributions.
- Terminal and Task Execution Changes:
  - Modified running tasks terminal behavior to use only newline as the end-of-line character.
  - Removed local echo in evaluations.
V3.0.1
VPL Jail System 3.0.1
This release brings with it fixes and enhancements.
- Added support for supplementary planes of UTF-8 in JSON: This update extends the scope of our system’s compatibility by including all corresponding Unicode characters in UTF-8’s supplementary planes for JSON formatting.
- The installer switches the preferred VHDL Compiler: The installer now employs GHDL as the default VHDL compiler, replacing FreeHDL due to its unavailability in the new Ubuntu releases. Note that GHDL is used from version 4.1.1 of VPL.
- VNC Server launch improvements: We’ve fixed the vncconfig detection when launching the VNC server.
- SELinux Status Check: The service launcher now performs a check of the usage and current state of SELinux. It will display a message if SELinux is installed and not in a disabled state. Note that the VPL Jail server is not compatible with SELinux.
V3.0.0
VPL Jail System 3.0.0
These release notes describe the changes included in this release from version 2.7.2.
- Adds a new run mode for web apps. This mode allows accessing web apps from the client browser directly instead of interacting with a browser running on the server. This will drastically reduce the server resources used by this type of app.
- Adds support for JSON-RPC. The server detects if the request is XML-RPC or JSON-RPC and responds appropriately. This feature allows using the server with older clients (Moodle VPL plugin version < 4.0.0) and new clients that run on PHP 8 or higher without XML-RPC support. Using JSON-RPC also removes the limits of XML-RPC ints.
- Adds a new RPC call named “update”. This RPC call allows updating files in the execution environment from the client without stopping the executing task. This call is useful for interpreted languages such as PHP in a web app.
- Adds a new RPC call named “directrun”. This RPC call will allow new future features.
- The WebSocket protocol is improved to accept large packets and fragmented packets.
- Adds SSL_CIPHER_SUITES configuration parameter. This parameter is used to set ciphers for TLSv1.3 if available.
- Adds HSTS_MAX_AGE configuration parameter. This parameter allows HTTP Strict-Transport-Security by setting the max-age parameter of the Strict-Transport-Security header. This parameter requires the use of PORT = 0.
- The installer adds Julia programming language to the list of development software installable.
V2.7.2
VPL Jail System 2.7.2
These release notes describe the changes included in this release from version 2.7.0.
- This release includes a workaround to a problem with the limits of int in the XMLRPC protocol (the protocol uses int32). This problem prevents setting a memory size or file size larger than the maximum int32 value. A full solution to this problem requires modifications on the Moodle plugin side. This temporary workaround switches the size limit to the jail server local size limit when the problem is found.
- Uses long long int to represent memory and file size.
- The installer includes the tool bc and new modules when installing python3: mypy, pycodestyle, and pydocstyle.
- The system checks for a change in the SSL certificate, reloading it if changed. This allows updating certificates without stopping the service.
- This release (included in V2.7.1) fixes a problem that affects systems with old versions of g++ that are not compatible with the std::regex class. This problem is known to affect CentOS 7.
V2.7.0
VPL Jail System 2.7.0
These release notes describe the changes included in this release from version 2.6.0.
Installation
The new version moves the location of programs and scripts from the directory "/etc/vpl" to the directory "/usr/sbin/vpl" and the location of log files from the directory "/etc/vpl" to the directory "/var/log/vpl". Resolves issue #45.
The installer adds MiniZinc and Groovy to the development software and renames Python to Python2.
Kotlin
The installer asks if you want to install the Kotlin command line compiler. You must enter a Kotlin version number to download and install it. See the Kotlin home page to get the version number.
Note: At this moment VPL-Jail-System does not support Kotlin distributed using Snap.
Configuration
Adds new parameters to control the limits of data in requests and evaluation results: REQUEST_MAX_SIZE and RESULT_MAX_SIZE.
V2.5 Release
VPL-JAIL-SYSTEM 2.5
The VPL-Jail-System serves an execution sandbox for the VPL Moodle plugin. This sandbox provides interactive execution, textual by xterm and graphical by VNC, and non-interactive execution for code evaluation purposes.
For more details about VPL, visit the VPL home page or the VPL plugin page at Moodle.
Requirements
The VPL-Jail-System is an open software execution system and requires a specific environment.
Software requirements
The VPL-Jail-System 2.4 requires a Linux O.S with YUM or APT as package manager and systemd or system V as service manager. The system has been tested on Debian, Ubuntu and CentOS.
O.S. | Version | Arch. | Results |
---|---|---|---|
Ubuntu | 18.04 | 32b/64b | Compatible |
Ubuntu | 16.04 | 32b/64b | Compatible |
Ubuntu | 14.04 | 32b/64b | Not functional due to the lack of OverlayFS |
Debian | 9 | 32b/64b | Compatible |
Debian | 10 | 32b/64b | Compatible |
CentOS | 7 | 64b | GUI programs not available. Requires to disable or configure SELinux |
CentOS | 6 | | Not functional |
Hardware requirements
The system has been developed to offer immediate and interactive execution of students' programs. This means that the system can attend to multiple executions simultaneously.
The hardware required to accomplish this task depends on the number of simultaneous executions at a time, the requirements of the program, and the programming language used. For example, a PHP Web program may require a huge amount of RAM, especially for the Web Browser execution, but a Python program may need one hundred times less RAM.
Our experience is that a machine with only 2Gb of RAM and 2 cores can support a class with 50 students online using Java (Non-GUI). If you are conducting an exam the hardware required may be tripled. The critical resource is likely to be the RAM. If the system exhausts the RAM, the O.S. will start swapping and the throughput will decrease drastically. Our tests indicate that the 32-bit O.S. uses less memory and CPU than the 64-bit version. Remember that you can add (or remove) VPL-Jail-Systems to a VPL installation online.
Installation
Selecting the hardware
The recommended option is using a dedicated machine. If you cannot use a dedicated machine, try using a Virtual Machine, e.g. using VirtualBox. This will isolate and limit the resources used by the service.
If you decide to run other services on the same machine, note that the resources used by VPL-Jail-System may decrease the performance of the other services. Although no security breach has been reported, notice that the nature of the service (executing external code) poses an intrinsic threat.
Preparing the system
Install a Linux O.S. as clean as possible. If you have enough resources you can install a GUI interface. Stop any service that you don't need, such as a web server, ssh server, etc. If the O.S. has a firewall, you must configure it (or stop it) to give access to the only two ports needed by the VPL-Jail-System. If you use automatic updates, you must restart the VPL-Jail-System for the updates to take effect. You can use cron to automate this process.
Getting VPL-Jail-System
VPL-Jail-System is distributed only as source files. You must get the source package from https://vpl.dis.ulpgc.es, e.g. using
wget https://vpl.dis.ulpgc.es/releases/vpl-jail-system-[version].tar.gz
or from the GitHub repository, generating the package with
make distcheck
Running the installer
After getting the package you must decompress it and run the installer.
tar xvf vpl-jail-system-[version].tar.gz
cd vpl-jail-system-[version]
./install-vpl-sh
The "./install-vpl-sh" must be run as root.
Follow the instructions and wait for the necessary downloads. The installation script will try to install the development software commonly used.
The installer will ask you about:
- Whether you want the installer to create a self-signed SSL certificate.
- (When updating) Whether you want to replace the configuration file with a fresh one.
- Whether you want to install different compilers and interpreters.
Updating VPL-Jail-System
If you want to update VPL-Jail-System, follow the same steps as for the first installation. The installer will update the current version.
Removing VPL-Jail-System
Run uninstall-sh of the current version.
Configuration
After installing the VPL-Jail-Service, the service will be started with a default configuration. If you want to change the configuration you must edit the file /etc/vpl/vpl-jail-system.conf.
After configuration changes, you must restart (as user root) the service to use the new configuration values.
Using systemd
systemctl restart vpl-jail-system
or using system V
service vpl-jail-system restart
Main configuration parameters
- PORT. Socket port number to listen for http and ws connections. The default value is 80.
- SECURE_PORT. Socket port number to listen for https and wss connections. The default value is 443.
- URLPATH. Acts as a password: if it does not match the path of the URL request, the request is rejected. The default value is "/".
- LOGLEVEL. This value goes from 0 to 8. Use 0 for minimum log and 8 for the maximum log. Level 8 doesn't remove the prisoners' home directory. IMPORTANT: Do not use high loglevel in production servers, you may get low performance. The default value is 3.
Checking
You can check the availability of your execution server using the URL
http://server:PORT/OK and https://server:SECURE_PORT/OK
where "server" is the name of your execution server. The system must return a page with OK
Troubleshooting
You can obtain a detailed log of the execution process by changing the log level in the configuration file. Commonly, the logs will be written to "/var/log/syslog".
Adding the VPL-Jail-System to VPL
The URL of the service in the general module configuration or in the local execution server settings of your Moodle server is
http://server:PORT/URLPATH or https://server:SECURE_PORT/URLPATH
:PORT and :SECURE_PORT can be omitted if using the standard ports.
Changes from the 2.2 to 2.3 version
The main novelty of the 2.3 version is the change of the file system used to replicate the root directory in the jail. This version includes some minor fixes and is compatible and interchangeable with the previous one.
The replication of the root file system is done with overlayfs, which makes it easy and safe to adapt the replica to the needs of the VPL-Jail-System. To accelerate the execution and limit the file system changes, the users' home directory has been mounted as a tmpfs. The possibility of mounting the replica allowing SETUID has also been added.
The use of the tmpfs removes the need for the "vncaccel.sh" script.
The new parameters to control these new features are:
- USETMPFS. This switch allows the use of tmpfs for "/home" and the "/dev/shm" directories. Changing this switch to "false" can degrade the performance of the jail system. To deactivate this option use USETMPFS=false. The default value is USETMPFS=true.
- HOMESIZE. This option sets the size of the "/home" directory. The default value is 30% of the system memory. This option is applicable if using the tmpfs file system for the "/home" directory.
- SHMSIZE. This option sets the size of the "/dev/shm" directory. The default value is 30% of the system memory. This option is applicable if using the tmpfs file system for the "/dev/shm" directory.
- ALLOWSUID. This switch allows the execution of programs with a suid bit inside the jail. This may be a security threat, use at your own risk. To activate this option, set ALLOWSUID=true.
Changes from the 2.3 to 2.4 version
The installer and service control script have been updated to support the systemd service manager. Versions before 2.4 use only the system V service manager. The change allows installing vpl-jail-system on Linux distributions that use YUM or APT and systemd or system V. Other fixes and changes are:
- The default log level has been increased to 3.
- The size of the SSL key created when installing has been increased to 2048. New versions of the OpenSSL lib require this size.
- Improves the cleaning of finished tasks.
Changes from the 2.4 to 2.5 version
Since the first versions of the VPL jail service, the system has included logic to ban IPs with a high number of failed requests. This feature can now be controlled with a new numeric configuration parameter called FAIL2BAN. Banning and the counting of failed requests work in periods of 5 minutes. If an IP makes more than FAIL2BAN*20 failed requests and more failed requests than succeeded ones, the IP is banned until the next period. Setting FAIL2BAN to 0 stops the banning process. The default value of FAIL2BAN is 0, so this feature is disabled by default.
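The following C++ model of the FAIL2BAN rule is an added example, not code from the VPL Jail System source. The names Fail2BanModel and failuresUntilBan are hypothetical, and the model assumes the 5-minute periods are fixed windows aligned to the clock, which the notes do not specify. It shows that the threshold is strict and that successful requests from the same IP raise the number of failures needed for a ban.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_map>

// Added example: model of the FAIL2BAN rule as described in these notes.
// Hypothetical names; assumes fixed, clock-aligned 5-minute windows.
class Fail2BanModel {
public:
    static constexpr std::int64_t kPeriodSeconds = 5 * 60;

    explicit Fail2BanModel(unsigned fail2ban) : fail2ban_(fail2ban) {}

    // Count one request from `ip` seen at `now` (seconds, non-negative).
    void record(const std::string& ip, bool failed, std::int64_t now) {
        rollPeriod(now);
        Counters& c = counters_[ip];
        if (failed) ++c.failed; else ++c.succeeded;
    }

    // Banned only if BOTH conditions hold within the current period:
    // failed > FAIL2BAN*20 and failed > succeeded. FAIL2BAN=0 disables bans.
    bool isBanned(const std::string& ip, std::int64_t now) {
        rollPeriod(now);
        if (fail2ban_ == 0) return false;
        auto it = counters_.find(ip);
        if (it == counters_.end()) return false;
        const Counters& c = it->second;
        return c.failed > static_cast<std::uint64_t>(fail2ban_) * 20 &&
               c.failed > c.succeeded;
    }

private:
    struct Counters { std::uint64_t failed = 0; std::uint64_t succeeded = 0; };

    // A new period discards all counters, which also lifts every ban.
    void rollPeriod(std::int64_t now) {
        const std::int64_t period = now / kPeriodSeconds;
        if (period != currentPeriod_) {
            counters_.clear();
            currentPeriod_ = period;
        }
    }

    unsigned fail2ban_;
    std::int64_t currentPeriod_ = -1;
    std::unordered_map<std::string, Counters> counters_;
};

// Number of failed requests in one period that triggers a ban for an IP that
// has already made `successes` good requests; -1 if no ban within `limit`.
int failuresUntilBan(unsigned fail2ban, unsigned successes, int limit = 10000) {
    Fail2BanModel model(fail2ban);
    const std::string ip = "192.0.2.10";  // constructed documentation address
    for (unsigned i = 0; i < successes; ++i) model.record(ip, false, 0);
    for (int n = 1; n <= limit; ++n) {
        model.record(ip, true, 0);
        if (model.isBanned(ip, 0)) return n;
    }
    return -1;
}

int main() {
    std::cout << "FAIL2BAN=1, no successes:  " << failuresUntilBan(1, 0) << "\n";
    std::cout << "FAIL2BAN=1, 50 successes:  " << failuresUntilBan(1, 50) << "\n";
    std::cout << "FAIL2BAN=0 (default):      " << failuresUntilBan(0, 0) << "\n";
    return 0;
}
```

With the default FAIL2BAN=0 the model never bans, so a server left on defaults relies on URLPATH and network-level controls to limit repeated failed requests.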
The structure of the jail file systems has changed to improve the compatibility and performance of overlayFS in different O.S. configurations. Now the upper layer of the overlaid file system is on a tmpfs file system or, if you set USETMPFS=false, on a loop file system located at a sibling path to the control path (by default /var/vpl-jail-system.fs). IMPORTANT! If you set USETMPFS=false, you cannot set HOMESIZE to a percentage of system memory; you must set HOMESIZE to a fixed value. The HOMESIZE value can be in megabytes or gigabytes. E.g.
- HOMESIZE=8G
- HOMESIZE=4500M