debootstrap accessing original root system chroot jail

Question

I am writing an online coding jude site like spoj.pl and i am creating a jail for compiling and executing the program. I wrote a script which takes c/c++ source code , compile and run the code. I need to execute this program in a jail created by debootstrap but i have to restrict permissions to my script and allow the binary to read only the - input/output files present in the original /home/ubuntu system.

Is it possible ?

Linux system:
/home/ubuntu:
   This folder has 
   online_judge/scripts.py ...
   input_output/input*.txt,output*.txt

/Jail 
    submissions/code.c
    submissions/code.cpp

I need to invoke scripts.py of /home/ubuntu in the jail with restricted jail user ,compile the code and run the binary. The Jail user should never be able to access any of the /home/ubuntu files except input_output/input*txt which i can give then execute permission

Answer 1

I need to invoke scripts.py of /home/ubuntu in the jail with restricted jail user,

You said that scripts.py is located in /home/ubuntu/online_judge, which is NOT in the /Jail. So, either you have the jail user restricted to /Jail or not. If the restricted jail user should execute online_judge/scripts.py you'd have to make it accessible somewhere under /Jail.

The Jail user should never be able to access any of the /home/ubuntu files except input_output/input*txt which i can give then execute permission

Hardlinks may help, e.g. "ln /home/ubuntu/online_judge/scripts.py /Jail/scripts.py", now the restricted jail user has access to scripts.py via /Jail/scripts.py. Be sure to restrict write-access to that file, otherwise s/he would modify both "copies".

Answer 2

You need to use debootstrap you can download the necessary compiling toolchains. so instead of trying using existing systems toolchain use from debootstrap's provided toolchain or also you can download toolchain via apt-get from the jail inside. If all fails, then try using scratchbox (www.scratchbox.org), it contains all the compiling toolchain you need also an execution environment. Hope it'll help!