Docker timeout for container?

Question

For my dissertation at University, I\'m working on a coding leaderboard system where users can compile / run untrusted code through temporary docker containers. The system seems

Answer 1

I have achieved a solution for this problem.

First you must kill docker container when time limit is achieved:

#!/bin/bash
set -e
did=$(docker run -it -d -v "/my_real_path/$1":/usercode virtual_machine ./usercode/compilerun.sh 2>> $1/error.txt)
sleep 10 && docker kill $did &> /dev/null && echo -n "timeout" >> $1/error.txt &
docker wait "$did" &> /dev/null
docker rm -f $ &> /dev/null

The container runs in detached mode (-d option), so it runs in the background. Then you run sleep also in the background. Then wait for the container to stop. If it doesnt stop in 10 seconds (sleep timer), the container will be killed.

As you can see, the docker run process calls a script named compilerun.sh:

#!/bin/bash
gcc -o /usercode/file /usercode/file.c 2> /usercode/error.txt && ./usercode/file < /usercode/input.txt | head -c 1M > /usercode/output.txt
maxsize=1048576
actualsize=$(wc -c <"/usercode/output.txt")
if [ $actualsize -ge $maxsize ]; then
    echo -e "1MB file size limit exceeded\n\n$(cat /usercode/output.txt)" > /usercode/output.txt
fi

It starts by compiling and running a C program (its my use case, I am sure the same can be done for python compiller).

This part:

command | head -c 1M > /usercode/output.txt

Is responsible for the max output size thing. It allows output to be 1MB maximum.

After that, I just check if file is 1MB. If true, write a message inside (at the beginning of) the output file.