News

Release of VPL Jail System 3.0.0

VPL Jail System 3.0.0

Download VPL Jail System 3.0.0

More details in the 3.0.0 manual version

 

Release notes

This release includes new features and improvements.

  • Adds a new run mode for web apps. This mode allows accessing web apps from the client browser directly instead of interacting with a browser running on the server. This will drastically reduce the server resources used by this type of app.
  • Adds support for JSON-RPC. The server detects if the request is XML-RPC or JSON-RPC and responds appropriately. This feature allows using the server with older clients (Moodle VPL plugin version < 4.0.0) and new clients that run on PHP 8 or higher without XML-RPC support. Using JSON-RPC also removes the limits of XML-RPC ints.
  • Adds a new RPC call named “update”. This RPC call allows updating files in the execution environment from the client without stopping the executing task. This call is useful for interpreted languages such as PHP in a web app.
  • Adds a new RPC call named “directrun”. This RPC call will allow new future features.
  • The WebSocket protocol is improved to accept larges packets and fragmented packets.
  • Adds SSL_CIPHER_SUITES configuration parameter. This parameter is used to set ciphers for TLSv1.3 if available.
  • Adds HSTS_MAX_AGE configuration parameter. This parameter allows HTTP Strict-Transport-Security by setting the max-age parameter of the Strict-Transport-Security header. This parameter requires the use of PORT = 0.
  • The installer adds Julia programming language to the list of development software installable.

Release of VPL Jail System 2.7.2

VPL Jail System 2.7.2

Download VPL Jail System 2.7.2

More details in the version 2.7.2 manual

 

Release notes

This is a bug-fix release of version 2.7.1 with small improvements.

  • This release includes a workaround to a problem with the limits of int in the XMLRPC protocol (the protocol uses int32). This problem avoids setting a memory size or file size larger than the maximum int32 value. A full solution to this problem requires modifications in the Moodle plugin side. This temporal workaround switches the size limit to the jail server local size limit when the problem is found.
  • Uses long long int to represent memory a file size.
  • The installer includes the tool bc and new modules when installing python3: mypy, pycodestyle, and pydocstyle.
  • The system checks for a change in the SSL certificate, reloading it if changed. This allows updating certificates without stopping the service.

Release of VPL Jail System 2.7.0

VPL Jail System 2.7.0

Build Status

Download VPL Jail System 2.7.0

More details in the version 2.7.0 manual

Release notes

his release notes decribe the changes included in this release from version 2.6.0.

Installation

The new version moves the location of programs and script from the directory "/etc/vpl" to directory "/usr/sbin/vpl" and the location of log files from the directory "/etc/vpl" to directory "/var/log/vpl". Resolves issue #45.

The installer adds MiniZinc and Groovy to the development software and renames Python to Python2.

Kotlin

The installer ask if you want to install the kotlin command line compiler. You must introduce a kotlin version number to download and install it. See Kotlin home page for getting the version number.

Note: At this moment VPL-Jail-System does not support Kotlin distributes using Snap

Configuration

Adds new parameter to control limits of data in request and evaluation result, REQUEST_MAX_SIZE and RESULT_MAX_SIZE.

 

Release of VPL Jail System 2.7.1

VPL Jail System 2.7.1

Build Status

Download VPL Jail System 2.7.1

More details in the version 2.7.1 manual

Release note

This is a bug-fix release of version 2.7.0. This release fixes a problem that affects systems with old versions of g++ that are not compatible with std::regex class. This problem is known to affect CentOS 7.

Release of VPL Jail System 2.6.0

VPL-JAIL-SYSTEM 2.6.0

Build Status

VPL Logo

The VPL-Jail-System serves an execution sandbox for the VPL Moodle plugin. This sandbox provides interactive execution, textual by xterm and graphical by VNC, and non-iterative execution for code evaluation purposes.

For more details about VPL, visit the VPL home page or the VPL plugin page at Moodle.

Requirements

The VPL-Jail-System is an open software execution system and requires a specific environment.

Software requirements

The VPL-Jail-System 2.4 requires a Linux O.S with YUM or APT as a package manager and systemd or system V as a service manager. The system has been tested on Debian, Ubuntu, and CentOS.

O.S. Version Arch. Results
Ubuntu 20.04 64b Compatible
Ubuntu 18.04 64b Compatible
Ubuntu 16.04 32b/64b Compatible
Ubuntu 14.04 32b/64b Not functional due to the lack of OverlayFS
Debian 9 32b/64b Compatible
Debian 10 32b/64b Compatible
CentOS 7 64b GUI programs not available. Requires to disable or configure SELinux
CentOS 6   Not functional

Hardware requirements

The system has been developed to offers immediate and interactive execution of students' programs. It means that the system can attend multiple-executions simultaneously.

The hardware required to accomplish this task depends on the number of simultaneous executions at a time, the requisites of the program, and the programming language used. For example, a PHP Web program may require a considerable amount of RAM, especially for the Web Browser execution, but a Python program may need one hundred times less of RAM.

Our experience is that a machine with only 2Gb of RAM and two cores can support a class with 50 students online using Java (Non-GUI). If you are conducting an exam, the hardware required maybe tripled. Possibly the critical resource may be the RAM. If the system exhausts the RAM, the O.S. will start swapping, and the throughput will decrease drastically. Our tests indicate that the 32-bit O.S. uses less memory and CPU than the 64-bit version. Remember that you can add (or remove) VPL-Jail-systems to a VPL installation online.

Installation

Selecting the hardware

The recommended option is using a dedicated machine. If you can not use a dedicated computer try using a Virtual Machine, e.g. using VirtualBox. This approach will provide aisle and limit the resources used by the service. If you decide to use other services in the same machine that the use of resources by the VPL-Jail-System may decrease the performance of the other services. Although no security breach has been reported, notice that the nature of the service (execute external code) leads to an intrinsic threat.

Preparing the system

Install a Linux O.S. as clean as possible. If you have enough resources, you can install a GUI interface. Stop any service that you don't need as the web server, ssh server, etc. If the O.S. has a firewall, you must configure it (or stop it) to give access to the only two ports needed by the VPL-Jail-System. If you use automatic updates, you must restart the VPL-Jail-System to take into account the update. You can use cron to automate this process.

Getting VPL-Jail-System

VPL-Jail-System is distributed only as source files. You must get the source package from https://vp.dis.ulpgc.es, e.g., using

wget https://vpl.dis.ulpgc.es/releases/vpl-jail-system-[version].tar.gz

or from the GitHub repository, generating the package with

make distcheck

Running the installer

After getting the package, you must decompress it and run the installer.

tar xvf vpl-jail-system-[version].tar.gz
cd vpl-jail-system-[version]
./install-vpl-sh

The "./install-vpl-sh" must be run as root.

Follow the instructions and wait for the necessary downloads. The installation script will try to install the development software commonly used.

The installer will ask you about:

  • If you want that the installer creates a self-signed SSL certificate.
  • (updating) If you want to replace the configuration file with a fresh one.
  • If you want to install different compilers and interpreters.

Updating VPL-Jail-System

If you want to update the VPL-Jail-System, follow the same steps that the first installation. The installer will update the current version.

Removing VPL-Jail-System

Run uninstall-sh of the current version.

Configuration

After installing the VPL-Jail-Service, the service will be started with a default configuration. If you want to change the setting you must edit the file /etc/vpl/vpl-jail-system.conf, see VPL-Jail-System configuration for more details.

After configuration changes, you must restart (as user root) the service to use the new configuration values. Using systemd

systemctl restart vpl-jail-system

or using system V

service vpl-jail-system restart

Checking

You can check the availability of your execution server using the URL

http://servername:PORT/OK and https://servername:SECURE_PORT/OK

Where "server" is the name of your execution server. The system must return a page with OK

Updating the software in the jail

After installing or updating packages or files in the host system, you must restart the service with "systemctl restart vpl-jail-system" to make available the changes in the jail. If you don't want to restart the service, you can drop the kernel caches to do the overlayFS file system aware of the changes. To drop the kernel caches run as root

sync; echo 7 > /proc/sys/vm/dropcaches".

Troubleshooting

You can obtain a detailed log of the execution process by changing the log level at the configuration file. Commonly The logs will be written to "/var/log/syslog".

Adding the jail/execution server to the VPL plugin at Moodle

The URL of the service is http://server:PORT/URLPATH or https://server:SECURE_PORT/URLPATH

:PORT and :SECURE_PORT can be omitted if using the standard ports numbers.

You can use the jail server URL in the VPL plugin configuration and, in the "local execution server" settings of a VPL activity.

Changes from the 2.5 to 2.6 version

The 2.6 version include the following new features.

The installer includes the installation and basic configuration of the Cerbot software. This package allows the system to get and renew Let's Encrypt certificates. The server configuration includes new parameters that improve the management of the cipher communications with https and wss.

  • SSL_CIPHER_LIST

This parameter specifies ciphering options for SSL. In case of wanting to have Forward Secrecy, the value must be ECDHE. The default value is SSL_CIPHER_LIST=

SSL_CIPHER_LIST=ECDHE
  • SSL_CERT_FILE

Indicates the path to the server's certificate in PEM format. If your Certification Authority is not a root authority you may need to add the chain of certificates of the intermediate CAs to this file. The default value is SSL_CERT_FILE=/etc/vpl/cert.pem

SSL_CERT_FILE=/ssl/certs/mycert.pem
  • SSLKEYFILE

Indicates the path to the server's private key in PEM format. The default value is SSL_KEY_FILE=/etc/vpl/key.pem.

SSL_KEY_FILE=/ssl/certs/private/mykey.pem