Good day! When writing a subsystem for testing custom solutions to programming problems, I encountered the following problem:

It is necessary to prohibit the program sent by the user, which I launch using the Process class functionality, from making changes to the registry, from accessing the Internet, and from reading/writing files, folders, etc.

  • I do not use AppDomains: support for non-.NET programming languages is required
  • Virtual machines (Virtual Box + its API) will decrease performance too much
  • Docker containers are not suitable due to the complexity of working with them, as well as due to a loss in performance
  • The functionality of Sandboxie is too limited, and besides, it is paid ...
  • Running as a separate user without rights is already in use, but it does not help to prohibit the launch of processes by a user program ...

With this modest list, my ideas are exhausted. Tell me, please, what can be done in this situation.

P.S. The testing subsystem works on Windows and is written in C#.

  • You invented the problems yourselves and want to solve them heroically. Show me who sang about speed in Docker. - gbg
  • For example, an average school server: 2 GB of RAM, 4x economy-class Xeon. You must simultaneously serve up to 15 people. This is where the problem comes from. And you can't explain to computer science teachers (to some of them) why solutions are being tested for so long ... - Sirkadirov
  • @Sirkadirov: Launching other processes can be forbidden to the user with the help of administrative templates, in theory. - VladD
  • @Sirkadirov: For example: bleepingcomputer.com/tutorials / ... or nextofwindows.com / ... (look for the group policy keywords). - VladD
  • @VladD: I know that this option is not suitable due to the fact that the system assumes installation on the schools' servers, and this method complicates the process too much ... But still, thank you for the information! - Sirkadirov
